Oval Definition:	oval:org.opensuse.security:def:20181000544
Revision Date: 2022-06-30 Version: 1 Title: CVE-2018-1000544 Description: rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2018-1000544 SUSE CVE-2018-1000544 Platform(s): openSUSE Tumbleweed Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND Package Information ruby2.7-rubygem-rubyzip-2.3.2-1.2 is installed OR ruby3.0-rubygem-rubyzip-2.3.2-1.2 is installed
BACK