SUSE CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. dot dot in the prefix argument...

Directory Traversal

Overview tmpdir is a package that extends the Dir class to manage the OS temporary file path. Affected versions of this package are vulnerable to Directory Traversal. There is are unintentional directory and file creation vulnerabilities in tmpdir library bundled with Ruby on Windows. The...

The vulnerability of the Dir.mktmpdir method in the tmpdir library of the Ruby interpreter allows a malicious actor to write arbitrary files to the file system.

The vulnerability of the Dir.mktmpdir method in the tmpdir library of the Ruby interpreter exists due to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to write arbitrary files to the file...

Directory Traversal

rubysl-tmpdir is vulnerable to directory traversal attacks.The Dir.mktmpdir method accepts a prefix which could contain a string such as ../ which would allow an attacker to create temporary directories anywhere within the server if the prefix method can be attacker controlled...

CVE-2018-6914

CVE-2018-6914 is a directory traversal vulnerability in Ruby’s tmpdir library (Dir.mktmpdir). The flaw allows an attacker to create arbitrary directories or files via a “..” in the prefix argument. Affected Ruby versions: before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, ...

Directory Traversal

Overview rubysl-tmpdir is a ruby standard library for tmpdir. Affected versions of this package are vulnerable to Directory Traversal. Dir.mktmpdir method introduced by tmpdir library accepts the prefix and the suffix of the directory which is created as the first parameter. The prefix can contai...