rubyzip is vulnerable to Path Traversal
61
Medium Risk
The rubyzip library checks each extracted path against the destination directory using a plain string-prefix match that does not enforce a directory boundary. A crafted ZIP archive can pass this check whenever the resolved output path merely shares a prefix with the destination directory: with a destination of /srv/uploads, an entry that resolves to /srv/uploads-tmp/x starts with the same string and is written outside the intended extraction folder. The same release also validates the declared central-directory entry count against the header size and stops iterating at the first invalid entry, reducing the denial-of-service impact of malformed archive metadata. The fix adds a directory-separator boundary to the containment check and hardens central-directory parsing.
You are affected if you are using a version within the vulnerable range and your application extracts entries from untrusted ZIP archives using the destination_directory option, since entry names are attacker-controlled and the containment check is the only thing keeping them inside that directory.
rubyzip is vulnerable to Path Traversal in versions 3.0.0 - 3.3.1.
Upgrade the rubyzip library to a patched version outside the vulnerable range (later than 3.3.1).