archive-tar-minitar 0.5.2
1 security vulnerability
found in version
0.5.2
Archive-Tar-Minitar Directory Traversal Vulnerability
high severity CVE-2016-10173
high severity
CVE-2016-10173
Patched versions:
>= 0.6.0
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/
Credit: ecneladis
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Gem version without a license.
Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.
This gem version is available.
This gem version has not been yanked and is still available for usage.