Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
rubyzip Zip::File组件路径遍历漏洞
Vulnerability Description
rubyzip gem是一个用于读写zip文件的Ruby库。Zip::File是其中的一个解压缩文件组件。 rubyzip 1.2.1及之前版本中的Zip::File组件存在目录遍历漏洞。攻击者可通过上传恶意的文件利用该漏洞向文件系统中写入任意的文件。
CVSS Information
N/A
Vulnerability Type
N/A