Description
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-808-1 | ruby-archive-tar-minitar security update |
Debian DSA |
DSA-3778-1 | ruby-archive-tar-minitar security update |
EUVD |
EUVD-2017-0246 | Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. |
Github GHSA |
GHSA-h5g2-38x9-4gv3 | archive-tar-minitar and minitar vulnerable to Path Traversal |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T03:14:42.017Z
Reserved: 2017-01-29T00:00:00.000Z
Link: CVE-2016-10173
No data.
Status : Modified
Published: 2017-02-01T15:59:00.177
Modified: 2026-06-17T00:39:12.560
Link: CVE-2016-10173
OpenCVE Enrichment
No data.
Weaknesses
Debian DLA
Debian DSA
EUVD
Github GHSA