Tuzovakaoff

**Name of the Vulnerable Software and Affected Versions** rubyzip versions 1.2.1 and earlier **Description** The rubyzip gem contains a Directory Traversal issue in the Zip::File component, allowing an attacker to write arbitrary files to the filesystem. This can be exploited if a site allows uploading of .zip files, and an attacker uploads a malicious file containing symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem. **Recommendations** For rubyzip versions 1.2.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.