Ruby · Rubyzip · CVE-2017-5946
**Name of the Vulnerable Software and Affected Versions**
rubyzip gem versions prior to 1.2.1
**Description**
The Zip::File component in the rubyzip gem has a directory (path) traversal vulnerability: when an archive is extracted, each entry's name is used to build the destination path without checking that the result stays inside the intended extraction directory. If a site accepts uploaded .zip files and extracts them, an attacker can upload an archive whose entry names contain ../ pathname substrings (for example `../../evil.txt`) and thereby write arbitrary files anywhere the extracting process has write access, which can lead to code execution if the written file is later loaded or served.
**Recommendations**
For versions prior to 1.2.1, update to version 1.2.1 or later, which rejects entries that would be written outside the extraction directory. As a temporary workaround, either stop extracting user-supplied .zip files, or validate every entry before extraction: resolve the entry name against the destination directory and refuse the archive if the resolved path is not inside it. Check the resolved path rather than searching the name for the literal substring "../", since names such as `a/../../b` or absolute paths like `/etc/passwd` escape the directory without containing that exact substring at the start.
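The following is an added example, not code from the rubyzip project or from the advisory, showing the check a caller would apply before writing an entry. To stay self-contained it packs and walks ZIP local file headers for stored (uncompressed) entries with Ruby's standard library instead of using rubyzip; the entry names, file contents and the destination directory are constructed for the demonstration, and `naive_target_path` is a hypothetical stand-in for path building that trusts the entry name, not the gem's actual pre-1.2.1 code.

```ruby
require "zlib"
require "fileutils"

LOCAL_HEADER_SIG = 0x04034b50
LOCAL_HEADER_FMT = "VvvvvvVVVvv" # sig, ver, flags, method, time, date, crc, csize, usize, nlen, xlen
LOCAL_HEADER_LEN = 30

# Constructed for this example: build a ZIP blob of stored (method 0) entries.
# A real archive also carries a central directory; it is omitted because the
# walker below only needs the local headers.
def pack_stored_zip(entries)
  entries.map do |name, data|
    [LOCAL_HEADER_SIG, 20, 0, 0, 0, 0, Zlib.crc32(data),
     data.bytesize, data.bytesize, name.bytesize, 0].pack(LOCAL_HEADER_FMT) + name + data
  end.join
end

# Walk local file headers and yield (entry_name, data) for each stored entry.
def each_stored_entry(blob)
  offset = 0
  while offset + LOCAL_HEADER_LEN <= blob.bytesize
    sig, _ver, _flags, method, _t, _d, _crc, csize, _usize, nlen, xlen =
      blob.byteslice(offset, LOCAL_HEADER_LEN).unpack(LOCAL_HEADER_FMT)
    break unless sig == LOCAL_HEADER_SIG
    raise "only stored entries are supported in this example" unless method == 0
    name = blob.byteslice(offset + LOCAL_HEADER_LEN, nlen).force_encoding(Encoding::UTF_8)
    data = blob.byteslice(offset + LOCAL_HEADER_LEN + nlen + xlen, csize)
    yield name, data
    offset += LOCAL_HEADER_LEN + nlen + xlen + csize
  end
end

# Hypothetical unsafe path construction: the entry name is joined onto the
# destination as-is, so "../" segments walk out of dest_dir.
def naive_target_path(dest_dir, entry_name)
  File.join(dest_dir, entry_name)
end

# Hardened version: resolve the entry against the destination root and accept
# it only if the normalized result is the root or a path beneath it. This
# rejects "../x", "a/../../x" and absolute names such as "/etc/passwd", and the
# trailing separator in the prefix test keeps "out2/x" from matching root "out".
def safe_extract_path(dest_dir, entry_name)
  root = File.expand_path(dest_dir)
  target = File.expand_path(entry_name, root)
  return nil unless target == root || target.start_with?(root + File::SEPARATOR)
  target
end

# Extract with the check applied; escaping entries are skipped and reported.
def extract_archive(blob, dest_dir)
  written = []
  rejected = []
  each_stored_entry(blob) do |name, data|
    target = safe_extract_path(dest_dir, name)
    if target.nil?
      rejected << name
      next
    end
    FileUtils.mkdir_p(File.dirname(target))
    File.binwrite(target, data)
    written << target
  end
  { written: written, rejected: rejected }
end

if __FILE__ == $PROGRAM_NAME
  require "tmpdir"
  # Constructed malicious archive: one benign entry, one traversal entry.
  blob = pack_stored_zip([["ok/readme.txt", "hello"], ["../../evil.txt", "pwned"]])
  Dir.mktmpdir do |dir|
    puts naive_target_path(File.join(dir, "out"), "../../evil.txt") # would land above dir
    p extract_archive(blob, File.join(dir, "out"))
  end
end
```

In an application the check belongs wherever the destination path is computed, before any `mkdir_p` or write. It inspects only the entry name; it does not protect against a previously extracted symlink that points outside the destination, so directories that already exist on disk should be treated with the same suspicion.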