2 matches found
ruby: Unintentional directory traversal by poisoned NULL byte in Dir
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...
CVE-2008-1145
CVE-2008-1145 is a directory traversal vulnerability in WEBrick for Ruby. Affected: Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, on systems with backslash path separators or case-insensitive filenames. Exploitation via encoded backslashes ("..\" sequences) or filenames matc...