Title: [Security] Bump rubyzip from 1.2.1 to 1.2.2 by greysteil · Pull Request #3077 · catarse/catarse · GitHub
Description: Bumps rubyzip from 1.2.1 to 1.2.2. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Ruby Advisory Database.

Directory Traversal in rubyzip

rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in writing arbitrary files to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.

Patched versions: >= 1.2.2
Unaffected versions: none

Commits

- d07b13a Merge pull request #376 from jdleesmiller/fix-cve-2018-1000544
- fd81bd5 Bump version to 1.2.2
- cf35774 Bump version to 1.3.0
- ffb374c Bump version to 2.0.0
- 8a1de58 Expand from root rather than current working directory
- 3dd165b Disable symlinks and check for path traversal
- ffebfa3 Consolidate path traversal tests
- 9c468f3 Add jwilk's path traversal tests
- 0586329 Trigger CI again
- cf71583 Move jruby to allow failures matrix till crc uint 32 issues are resolved

Additional commits viewable in compare view
Opengraph URL: https://github.com/catarse/catarse/pull/3077