cve/CVE-2018-1000544.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 17:22:02 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..

POC

Reference

https://access.redhat.com/errata/RHSA-2018:3466
https://access.redhat.com/errata/RHSA-2018:3466
https://github.com/rubyzip/rubyzip/issues/369
https://github.com/rubyzip/rubyzip/issues/369

Github

https://github.com/fellipeh/redhat_sec
https://github.com/jpbprakash/vuln
https://github.com/mile9299/zip-slip-vulnerability
https://github.com/snyk/zip-slip-vulnerability

1.1 KiB Raw Blame History

CVE-2018-1000544

Description

POC

Reference

Github

1.1 KiB

Raw Blame History