CVE-2018-1000544

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
rubyzip_projectrubyzip
𝑥
≤ 1.2.1
debiandebian_linux
8.0
debiandebian_linux
9.0
redhatcloudforms
4.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-zip
bullseye
2.0.0-2
fixed
sid
2.3.2-1
fixed
trixie
2.3.2-1
fixed
bookworm
2.3.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-zip
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
Fixed 1.2.1-1.1~build0.18.04.1
released
artful
ignored
xenial
needed
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:3466
https://github.com/rubyzip/rubyzip/issues/369
https://lists.debian.org/debian-lts-announce/2018/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00002.html
https://access.redhat.com/errata/RHSA-2018:3466
https://github.com/rubyzip/rubyzip/issues/369
https://lists.debian.org/debian-lts-announce/2018/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00002.html