9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-1000544

GHSA ID

GHSA-vqcq-mrmw-mcmg

EPSS Score

0.6565%

CWE

CWE-59

Published

9/6/2018

Updated

8/28/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000544

CVE-2018-1000544:
Rubyzip gem contains a Directory Traversal vulnerability in zip file component

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem..

This is similar to CVE-2017-5946 which was patched in 1.2.1 but the fix in that case was incomplete.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-1000544

GHSA ID

GHSA-vqcq-mrmw-mcmg

EPSS Score

0.6565%

CWE

CWE-59

Published

9/6/2018

Updated

8/28/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rubyzip	rubygems	<= 1.2.1	1.2.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path sanitization when extracting zip entries. The Zip::Entry#extract method directly uses the entry's filename to write files, allowing malicious paths. Zip::File#extract orchestrates this process without additional safeguards. This matches the CVE description of directory traversal via crafted filenames and aligns with the PoC in rubyzip/rubyzip#369 where extraction logic is exploited. The functions are core to the library's file handling, making them clear candidates.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

ru*yzip **m ru*yzip v*rsion *.*.* *n* **rli*r *ont*ins * *ir**tory Tr*v*rs*l vuln*r**ility in Zip::*il* *ompon*nt t**t **n r*sult in writ* *r*itr*ry *il*s to t** *il*syst*m. T*is *tt**k *pp**r to ** *xploit**l* vi* I* * sit* *llows uplo**in* o* .zip

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* s*nitiz*tion w**n *xtr**tin* zip *ntri*s. T** `Zip::*ntry#*xtr**t` m*t*o* *ir**tly us*s t** *ntry's *il*n*m* to writ* *il*s, *llowin* m*li*ious p*t*s. `Zip::*il*#*xtr**t` or***str*t*s t*is pro**ss wit*out **

9.8

Basic Information

Concerned about an active attack path?

CVE-2018-1000544: Rubyzip gem contains a Directory Traversal vulnerability in zip file component

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-1000544:
Rubyzip gem contains a Directory Traversal vulnerability in zip file component

Vulnerability Intelligence
Miggo AI