ADVISORIES
GEM
SEVERITY
CVSS v3.x: 5.5 (Medium)
PATCHED VERSIONS
- >= 1.3.0
DESCRIPTION
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).