{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "0.5.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.5.4" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.6" } ] }, "events": [ { "introduced": "0" }, { "fixed": "83daaf55e4388bb55be96a8f01cd9adb751632ac" }, { "fixed": "e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4" } ], "repo": "https://github.com/halostatue/minitar", "type": "GIT" } ] } ], "details": "Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.", "id": "CVE-2016-10173", "modified": "2026-04-01T23:08:51.797848109Z", "published": "2017-02-01T15:59:00.177Z", "references": [ { "type": "WEB", "url": "https://puppet.com/security/cve/cve-2016-10173" }, { "type": "ADVISORY", "url": "https://security.gentoo.org/glsa/201702-32" }, { "type": "ADVISORY", "url": "http://www.debian.org/security/2017/dsa-3778" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/95874" }, { "type": "FIX", "url": "http://www.openwall.com/lists/oss-security/2017/01/24/7" }, { "type": "FIX", "url": "http://www.openwall.com/lists/oss-security/2017/01/29/1" }, { "type": "FIX", "url": "https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4" }, { "type": "EVIDENCE", "url": "https://github.com/halostatue/minitar/issues/16" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }