Minitar Directory Traversal Vulnerability
Published: August 22, 2016
SECURITY IDENTIFIERS
- CVE: CVE-2016-10173 (NVD)
- GHSA: GHSA-h5g2-38x9-4gv3
- Vendor Advisory: https://github.com/halostatue/minitar/issues/16
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
>= 0.6.0
DESCRIPTION
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/
Credit: ecneladis