CVE-2018-8780

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script. Mitigation It is possible to test for presence of the NULL byte manually...

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1275)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name...

EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1206)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create...