mixlib-archive Path Traversal vulnerability
Published: May 13, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2017-1000026 (NVD)
- GHSA: GHSA-98wx-cw86-c97x
- Vendor Advisory: https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md
GEM
mixlib-archive
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
>= 0.4.0
DESCRIPTION
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable
to a directory traversal attack allowing attackers to overwrite arbitrary files
by using .. in tar archive entries.
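
The containment check that this class of bug calls for, as an added example that is not mixlib-archive's own code or its actual fix: each tar entry name is resolved against the destination directory and skipped if the result falls outside it. The helper names and sample entries are constructed for illustration, and the archive is read with RubyGems' bundled tar classes.

```ruby
require "rubygems/package"
require "stringio"
require "tmpdir"
require "fileutils"

# Constructed sample input: builds an in-memory tar from [name, body] pairs.
def build_sample_tar(entries)
  io = StringIO.new(String.new)
  Gem::Package::TarWriter.new(io) do |tar|
    entries.each do |name, body|
      tar.add_file_simple(name, 0o644, body.bytesize) { |f| f.write(body) }
    end
  end
  io.rewind
  io
end

# Hypothetical helper: extract regular files only, and only when the entry's
# resolved path stays under dest. Assumes dest is a fresh directory with no
# pre-existing symlinks. Returns [written_names, rejected_names].
def safe_extract(tar_io, dest)
  root = File.realpath(dest)
  written = []
  rejected = []
  Gem::Package::TarReader.new(tar_io) do |tar|
    tar.each do |entry|
      # expand_path collapses ".." segments and lets absolute names replace root
      target = File.expand_path(entry.full_name, root)
      unless entry.file? && target.start_with?(root + File::SEPARATOR)
        rejected << entry.full_name
        next
      end
      FileUtils.mkdir_p(File.dirname(target))
      File.binwrite(target, entry.read.to_s)
      written << entry.full_name
    end
  end
  [written, rejected]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp|
    dest = File.join(tmp, "out")
    Dir.mkdir(dest)
    tar = build_sample_tar([["docs/readme.txt", "hello"], ["../escaped.txt", "x"]])
    written, rejected = safe_extract(tar, dest)
    puts "written:  #{written.inspect}"
    puts "rejected: #{rejected.inspect}"
  end
end
```

Rejected names are worth logging during extraction, since a legitimate archive has no reason to contain them.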
