
CVE-2019-15845

Description

A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby script access unexpected files and to bypass intended file system access restrictions.

Mitigation

It is possible to test for the presence of the NULL byte manually prior to calling the affected methods with an untrusted string.
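One way to apply the manual check described above, as an added example that is not code from the Ruby project or this advisory. The names `NulByteError`, `reject_nul!`, `safe_fnmatch?` and `classify` are hypothetical, and the sample inputs are constructed.

```ruby
# Added example: refuse NUL bytes before untrusted strings reach File.fnmatch?.
# All names below are hypothetical helpers, not part of Ruby's API.
class NulByteError < ArgumentError; end

# Returns the value as a String, or raises if it contains a NUL byte.
def reject_nul!(label, value)
  str = String(value)
  # Compare raw bytes so an unusual or invalid encoding cannot hide a NUL.
  raise NulByteError, "#{label} contains a NUL byte" if str.b.include?("\0".b)
  str
end

# Drop-in guard around File.fnmatch? that validates both arguments first.
def safe_fnmatch?(pattern, path, flags = 0)
  File.fnmatch?(reject_nul!("pattern", pattern),
                reject_nul!("path", path),
                flags)
end

# Maps one check to :match, :no_match or :rejected for logging or policy.
def classify(pattern, path, flags = 0)
  safe_fnmatch?(pattern, path, flags) ? :match : :no_match
rescue NulByteError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: [pattern, path]
  samples = [
    ["uploads/*.txt",   "uploads/report.txt"],
    ["uploads/*.txt",   "uploads/a/b.txt"],
    ["uploads/*.txt",   "uploads/report.txt\0.rb"],
    ["uploads/*.txt\0", "uploads/report.txt"],
  ]
  samples.each do |pattern, path|
    result = classify(pattern, path, File::FNM_PATHNAME)
    puts "#{pattern.inspect} vs #{path.inspect}: #{result}"
  end
end
```

Rejecting the input outright, rather than stripping the NUL byte, keeps the string that was checked identical to the string that is later used.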

