Rubysec

Providing security resources for the Ruby community.

---
gem: archive-tar-minitar
date: 2016-08-22
url: https://github.com/atoulme/minitar/issues/5
cve: 2016-10173
title: Archive-Tar-Minitar Directory Traversal Vulnerability
description: |
  Minitar allows attackers to overwrite arbitrary files during archive
  extraction via a .. (dot dot) in an extracted filename. Analogous
  vulnerabilities for unzip and tar:
  https://www.cvedetails.com/cve/CVE-2001-1268/ and
  http://www.cvedetails.com/cve/CVE-2001-1267/

  Credit: ecneladis
patched_versions:
- ">= 0.60"
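
The flaw described above comes down to trusting a member name that contains `..`. The following is an added Ruby example, not minitar's code or its actual patch: a lexical containment check that an extractor can apply to every member name before writing. `safe_extract_path`, `audit_entries`, `UnsafeEntryError`, the destination `/srv/unpack` and the sample names are all constructed for illustration.

```ruby
require "pathname"

# Raised when an archive member name would resolve outside the destination.
class UnsafeEntryError < StandardError; end

# Hypothetical helper: map a member name to a path under dest_dir,
# or raise if the name would escape it.
def safe_extract_path(dest_dir, entry_name)
  root = Pathname.new(File.expand_path(dest_dir)) # dest_dir is trusted input
  name = entry_name.to_s
  raise UnsafeEntryError, "empty entry name" if name.empty?
  raise UnsafeEntryError, "NUL byte in entry name" if name.include?("\0")
  raise UnsafeEntryError, "absolute path: #{name}" if Pathname.new(name).absolute?

  # cleanpath collapses "." and ".." lexically, without touching the disk.
  target = (root + name).cleanpath.to_s
  # Compare against "root/" so a sibling such as "/srv/unpack-evil" cannot match.
  prefix = root.to_s.end_with?(File::SEPARATOR) ? root.to_s : root.to_s + File::SEPARATOR
  raise UnsafeEntryError, "escapes #{root}: #{name}" unless target.start_with?(prefix)
  target
end

# Split member names into [accepted destination paths, rejected names].
def audit_entries(dest_dir, names)
  accepted = []
  rejected = []
  names.each do |n|
    begin
      accepted << safe_extract_path(dest_dir, n)
    rescue UnsafeEntryError
      rejected << n
    end
  end
  [accepted, rejected]
end

# Constructed sample member names, as an extractor would read them from headers.
SAMPLE_NAMES = [
  "docs/readme.txt",        # ordinary member
  "docs/../notes.txt",      # contains "..", but stays inside the destination
  "../outside.txt",         # climbs out of the destination
  "docs/../../outside.txt", # climbs out after descending
  "/abs/path.txt",          # absolute path
  "../unpack-evil/x",       # sibling directory sharing the destination's prefix
].freeze
```

The check is purely lexical: it does not detect a symlink already present under the destination, so an extractor also needs to control how link members are handled.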