The vulnerability of the Dir.mktmpdir method in the tmpdir library of the Ruby interpreter allows a malicious actor to write arbitrary files to the file system.

The vulnerability of the Dir.mktmpdir method in the tmpdir library of the Ruby interpreter exists due to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to write arbitrary files to the file...

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. dot dot in the prefix argument...

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. dot dot in the prefix argument...

Directory Traversal

Overview rubysl-tmpdir is a ruby standard library for tmpdir. Affected versions of this package are vulnerable to Directory Traversal. Dir.mktmpdir method introduced by tmpdir library accepts the prefix and the suffix of the directory which is created as the first parameter. The prefix can contai...