CVE-2019-11879

2019-05-1016:00:31

mitre

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem.

References

bugs.ruby-lang.org/issues/15835