DSA-3801-1 ruby-zip -- ruby-zip
|ID: oval:org.secpod.oval:def:602797||Date: (C)2017-03-09 (M)2020-06-04|
|Class: PATCH||Family: unix|
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. in an extracted filename.