2 matches found
CVE-2021-28965
The CVE-2021-28965 issue concerns the Ruby REXML library: specifically the REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1. The root cause is improper handling of XML round-trips, which can produce an incorrect XML document after parsing and serializing. Seve...
CVE-2021-28966
CVE-2021-28966 affects Ruby up to 3.0 on Windows. A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, enabling path-related manipulation. Root cause: how TmpDir parameter is processed in web contexts (no details beyond this in the provided documents...