Ruby · Minitar · CVE-2016-10173
**Name of the Vulnerable Software and Affected Versions**
minitar versions prior to 0.6
archive-tar-minitar version 0.5.2
**Description**
A directory traversal vulnerability in the minitar and archive-tar-minitar gems for Ruby allows remote attackers to write to arbitrary files via a `..` (dot dot) in a TAR archive entry.
**Recommendations**
For minitar versions prior to 0.6, update to version 0.6 or later.
For archive-tar-minitar version 0.5.2, consider disabling the use of TAR archive entries until a patch is available.
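
The following is an added example, not code from minitar or from this advisory: a pre-extraction audit that rejects TAR entry names which would resolve outside the destination directory, the condition described above. The names `safe_destination`, `audit_tar`, `sample_tar`, `UnsafeEntryError` and the `/srv/unpack` path are hypothetical, and RubyGems' bundled `Gem::Package::TarReader`/`TarWriter` are used only to build and read a constructed sample archive.

```ruby
require "pathname"
require "rubygems/package" # stdlib tar reader/writer, used for the sample only
require "stringio"

class UnsafeEntryError < StandardError; end

# Returns the Pathname an entry would be written to under dest_root, or
# raises UnsafeEntryError if the name escapes dest_root.
# Purely lexical: it does not resolve symlinks already on disk.
def safe_destination(dest_root, entry_name)
  root = Pathname.new(dest_root).cleanpath
  raise ArgumentError, "dest_root must be absolute" unless root.absolute?
  raise UnsafeEntryError, "absolute path: #{entry_name}" if Pathname.new(entry_name).absolute?

  # Collapse "." and ".." segments without touching the filesystem.
  target = Pathname.new(File.join(root.to_s, entry_name)).cleanpath
  # Compare against root plus a separator so /srv/unpack-evil is not
  # mistaken for a child of /srv/unpack.
  inside = target == root || target.to_s.start_with?(root.to_s + File::SEPARATOR)
  raise UnsafeEntryError, "escapes #{root}: #{entry_name}" unless inside
  target
end

# Reads every entry name from a tar stream and returns [safe, rejected]
# without writing anything to disk.
def audit_tar(io, dest_root)
  safe, rejected = [], []
  Gem::Package::TarReader.new(io).each do |entry|
    name = entry.full_name
    begin
      safe_destination(dest_root, name)
      safe << name
    rescue UnsafeEntryError
      rejected << name
    end
  end
  [safe, rejected]
end

# Constructed sample archive, built in memory; the entry names are made up.
def sample_tar
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    ["docs/readme.txt", "docs/../notes.txt", "../../etc/cron.d/job",
     "../unpack-evil/x", "/etc/passwd"].each do |name|
      tar.add_file_simple(name, 0o644, 2) { |f| f.write("hi") }
    end
  end
  io.rewind
  io
end

safe, rejected = audit_tar(sample_tar, "/srv/unpack")
puts "safe: #{safe.inspect}", "rejected: #{rejected.inspect}"
```

An archive with any rejected entry should be refused as a whole rather than partially extracted.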