John Lees-Miller

1 exploit Active since Sep 2019
CVE-2019-16892 WRITEUP MEDIUM WRITEUP
Rubyzip < 1.3.0 - Denial of Service via Spoofed ZIP Entry Size
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
CVSS 5.5