Details

    • Type: Improvement
    • Status: Deployed
    • Priority: Medium
    • Resolution: DeployedToBeta
    • Affects Version/s: 0.9.220
    • Fix Version/s: 0.9.221
    • Epic Link:
    • Milestone:
      Internal 0.9
    • Difficulty:
      Medium
    • Roadmap:
      Misc
    • Components:
      AutomatedTests

      Description

      Name: rubyzip
      Version: 1.2.1
      Advisory: CVE-2018-1000544
      Criticality: Unknown
      URL: https://github.com/rubyzip/rubyzip/issues/369
      Title: Directory Traversal in rubyzip
      Solution: remove or disable this gem until a patch is available!

      As of Aug 28, 2018 there's no patch for this vulnerability. The gem is used only by selenium-webdriver, which is a test-only dependency (for AO3-4787, In Review), so we can remove both rubyzip and selenium-webdriver for now.

      How to test: none, it's just tests.

            People

            • Assignee: redsummernight
            • Reporter: redsummernight
            • Watchers: 1
