SECURITY UPDATE |  |
| Release Date: | 2014-07-24 (Last update can be found below the document title) |
| Description: | Boundary issues with rubyzip gem |
| Criticality Level: | Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
| Impact: |
|
| Systems Affected: | Canvas LMS |
| Solution Status: | Patched |
| Discovered By: | Internal audit |
| Relevant Changesets: | https://github.com/instructure/canvas-lms/commit/a6e104a20b0e6da4251cf7ed90b4eecea0937130 |
Summary:
A vulnerability was discovered within the rubyzip gem used by Canvas which could allow an attacker to gain access to the filesystem, directories, files and/or execute arbitrary code via symbolic links.
Status:
Fixed in Canvas Cloud as of 7/24/2014. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in
