Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ruby-archive-tar-minitar", "binary_version": "0.5.2-2+deb8u1build0.14.04.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ruby-archive-tar-minitar", "binary_version": "0.5.4-3.1build0.16.04.1" }, { "binary_name": "ruby-minitar", "binary_version": "0.5.4-3.1build0.16.04.1" } ] }