Ruby Gem RubyZip Path Traversal (CVE-2017-5946)

The Rubyzip gem allows arbitrary files to be overwritten or created via relative filenames in archive entries, which can lead to execution of malicious code, e.g. by writing to /etc/ld.so.preload or ~/.bashrc.
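As an added, defensive example (not code from the rubyzip project or this advisory), the following Ruby helper resolves each archive entry name against the extraction directory and refuses any entry that would land outside it before writing anything; `safe_entry_path` and `extract_safely` are names chosen here, and a POSIX filesystem is assumed.

```ruby
require 'fileutils'
begin
  require 'zip' # rubyzip gem; only extract_safely needs it
rescue LoadError
  nil # safe_entry_path still works without the gem
end

# Resolve an archive entry name against the destination directory and refuse
# anything that would land outside it, e.g. "../../etc/ld.so.preload".
# Returns the absolute target path, or nil if the entry must be rejected.
# Assumes a POSIX filesystem (no drive letters).
def safe_entry_path(dest_dir, entry_name)
  root = File.expand_path(dest_dir)
  # Absolute and home-relative names would bypass the prefix check; drop them early.
  return nil if entry_name.start_with?('/', '~')
  target = File.expand_path(entry_name, root)
  # The resolved path must be the root itself or live beneath it. The trailing
  # separator stops "/tmp/out2/x" from passing as a child of "/tmp/out".
  prefix = root.end_with?(File::SEPARATOR) ? root : root + File::SEPARATOR
  return nil unless target == root || target.start_with?(prefix)
  target
end

# Extract every safe entry of a zip into dest_dir, never overwriting existing
# files. Unsafe entries are skipped and reported. Returns the written paths.
def extract_safely(archive_path, dest_dir)
  written = []
  Zip::File.open(archive_path) do |zip|
    zip.each do |entry|
      target = safe_entry_path(dest_dir, entry.name)
      if target.nil?
        warn "rejected unsafe entry: #{entry.name.inspect}"
        next
      end
      if entry.directory?
        FileUtils.mkdir_p(target)
        next
      end
      FileUtils.mkdir_p(File.dirname(target))
      # O_EXCL refuses to clobber an existing file (or follow a planted symlink).
      File.open(target, File::WRONLY | File::CREAT | File::EXCL, 0o644) do |out|
        entry.get_input_stream { |io| IO.copy_stream(io, out) }
      end
      written << target
    end
  end
  written
end
```

Call `extract_safely('upload.zip', '/var/tmp/unpack')` in place of a plain per-entry `extract`; rejected entry names are reported on stderr so they can be logged.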

Proof of Concept

References

https://github.com/rubyzip/rubyzip/issues/315
https://gist.github.com/ecneladis/14ebd875f7db65e0451bc49f79ed64f2