DSA-3778-1 ruby-archive-tar-minitar -- ruby-archive-tar-minitar
ID: oval:org.secpod.oval:def:602763 | Date: (C)2017-02-07 (M)2021-06-06 |
Class: PATCH | Family: unix |
Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. in an extracted filename.
Product: |
ruby-archive-tar-minitar |
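
The check an extractor needs before writing each entry, as an added example: it is not code from ruby-archive-tar-minitar or from the DSA-3778-1 fix. The helper names, the `/srv/out` root and the sample entry names are assumptions constructed for illustration.

```ruby
# Added example: hypothetical helpers, not part of archive-tar-minitar.

# Resolve a tar entry name under dest_root. Returns the absolute target path,
# or nil when the name is absolute, empty, contains NUL, or escapes the root.
def safe_destination(dest_root, entry_name)
  root = File.expand_path(dest_root)
  name = entry_name.to_s
  return nil if name.empty? || name.include?("\0") || name.start_with?("/")

  # expand_path collapses "." and ".." lexically, without touching the disk.
  target = File.expand_path(File.join(root, name))

  # Compare against root plus a separator so "/srv/out-evil" does not pass
  # as being inside "/srv/out".
  prefix = root.end_with?(File::SEPARATOR) ? root : root + File::SEPARATOR
  return target if target == root || target.start_with?(prefix)

  nil
end

# Split entry names into accepted (name => resolved path) and rejected lists.
def audit_entries(dest_root, names)
  accepted = {}
  rejected = []
  names.each do |name|
    path = safe_destination(dest_root, name)
    if path
      accepted[name] = path
    else
      rejected << name
    end
  end
  { accepted: accepted, rejected: rejected }
end

# Constructed sample entry names, for illustration only.
SAMPLE_NAMES = [
  "docs/readme.txt", "docs/../lib/a.rb", "../../etc/cron.d/job",
  "../out-evil/x", "/etc/passwd", "notes..txt"
].freeze

if __FILE__ == $PROGRAM_NAME
  result = audit_entries("/srv/out", SAMPLE_NAMES)
  result[:accepted].each { |n, p| puts "ok      #{n} -> #{p}" }
  result[:rejected].each { |n| puts "reject  #{n}" }
end
```

The check is lexical only: it does not follow symlinks already present under the extraction root or created by earlier archive entries, which need separate handling.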