75 matches found
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
CVE-2021-28966
CVE-2021-28966 affects Ruby up to 3.0 on Windows. A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, enabling path-related manipulation. Root cause: how the TmpDir parameter is processed in web contexts (no details beyond this in the provided documents...
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
Tempfile on Windows path traversal vulnerability
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...
Directory Traversal
Overview: tmpdir is a package that extends the Dir class to manage the OS temporary file path. Affected versions of this package are vulnerable to Directory Traversal. There are unintentional directory and file creation vulnerabilities in the tmpdir library bundled with Ruby on Windows. The...
Path Traversal
ruby is vulnerable to path traversal. There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...
PT-2021-18004 · Ruby · Ruby
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 3.0 on Windows. Description: A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, potentially allowing them to exit the directory and impact the system. There is an...
CVE-2021-23331
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
UBUNTU-CVE-2020-15250
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...
ant: insecure temporary file vulnerability
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory...
ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory...
ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory...
EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1275)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name...
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2018-1207)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create...
EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1206)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create...
Directory Traversal
rubysl-tmpdir is vulnerable to directory traversal attacks. The Dir.mktmpdir method accepts a prefix which could contain a string such as ../ which would allow an attacker to create temporary directories anywhere within the server if the prefix method can be attacker controlled...
Ruby Directory Traversal Vulnerability (CNVD-2018-07639)
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. tmpdir library is one of the libraries used to create files and directories. A directory traversal vulnerability exists in the Dir.mktmpdir method of the...
CVE-2018-6914
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...
ALPINE-CVE-2018-6914
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...