Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.5.2-2+deb8u1build0.14.04.1", "binary_name": "ruby-archive-tar-minitar" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.5.4-3.1build0.16.04.1", "binary_name": "ruby-archive-tar-minitar" }, { "binary_version": "0.5.4-3.1build0.16.04.1", "binary_name": "ruby-minitar" } ] }