CVE-2019-16892

Published September 25th, 2019

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

7.1

HIGH

Affected

PROJECT

Description

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

rubyzip/rubyzip

Official Rubyzip repository

GitHub

1.41K