ADVISORIES

• CVE-2017-1000026 (NVD)
• GHSA-98wx-cw86-c97x
• Vendor Advisory

GEM

mixlib-archive

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

• >= 0.4.0

DESCRIPTION

Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using .. in tar archive entries

RELATED

• https://github.com/chef/mixlib-archive/pull/6