In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| rubyzip(RubyGems) | 0 | 1.3.0 | N/A |
CVSS Metrics
