CVE-2019-16892

Published 3 months ago
Category: Denial of Service
Source: GitHub
Severity: Moderate

Vulnerability in rubyzip

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
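
An added example, not code from Rubyzip or from this advisory: a size check that counts the bytes actually inflated instead of trusting the declared uncompressed size. It uses only Ruby's standard Zlib; the names `bounded_inflate`, `raw_deflate`, `size_ok?` and `EntrySizeError` are hypothetical, and the sample data is constructed.

```ruby
require "zlib"

# Raised when the bytes actually produced disagree with the declared size or limit.
class EntrySizeError < StandardError; end

# Constructed-sample helper: raw DEFLATE (no zlib header), the form ZIP entries use.
def raw_deflate(data)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  deflater.deflate(data, Zlib::FINISH)
ensure
  deflater&.close
end

# Inflate in small input slices and count the real output bytes.
# declared_size stands for the header field an attacker controls;
# max_size is the application's own per-entry limit.
def bounded_inflate(compressed, declared_size:, max_size:, step: 256)
  raise EntrySizeError, "declared size exceeds limit" if declared_size > max_size

  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new(encoding: Encoding::BINARY)
  0.step(compressed.bytesize - 1, step) do |offset|
    out << inflater.inflate(compressed.byteslice(offset, step))
    # Stop as soon as the stream yields more than the header promised.
    raise EntrySizeError, "entry larger than declared" if out.bytesize > declared_size
  end
  out << inflater.finish
  raise EntrySizeError, "entry size differs from declared" unless out.bytesize == declared_size
  out
ensure
  inflater&.close
end

# True only when the stream inflates to exactly the declared size within the limit.
def size_ok?(compressed, declared_size, max_size)
  bounded_inflate(compressed, declared_size: declared_size, max_size: max_size)
  true
rescue EntrySizeError, Zlib::Error
  false
end

if __FILE__ == $PROGRAM_NAME
  honest = raw_deflate("hello" * 10)            # really 50 bytes
  spoofed = raw_deflate("\0" * 1_048_576)       # really 1 MiB, declared as 100 below
  puts size_ok?(honest, 50, 10_000)
  puts size_ok?(spoofed, 100, 10_000)
end
```

A check that compares only the declared value against the limit would accept the second sample, which is the bypass the description refers to.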

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

>= 1.3.0

Unaffected Versions

n/a

References

n/a