Vulnerabilities > Rubyzip Project

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-16892 In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed.
local
low complexity
rubyzip-project fedoraproject redhat
5.5
2018-06-26 CVE-2018-1000544 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
network
low complexity
rubyzip-project debian redhat CWE-434
7.5
2017-02-27 CVE-2017-5946 Path Traversal vulnerability in multiple products
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability.
network
low complexity
rubyzip-project debian CWE-22
7.5