PT-2008-2739 · Ruby+1 · Ruby+1

Published: 2008-03-04 · Updated: 2023-08-01 · CVE-2008-1145

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ruby versions 1.8 before 1.8.5-p115
Ruby versions 1.8.6 before 1.8.6-p114
Ruby versions 1.9 through 1.9.0-1

Description

A directory traversal issue exists when running on systems that support backslash (\) path separators or case-insensitive file names, allowing remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.

Recommendations

For Ruby version 1.8 before 1.8.5-p115, update to version 1.8.5-p115 or later.
For Ruby version 1.8.6 before 1.8.6-p114, update to version 1.8.6-p114 or later.
For Ruby versions 1.9 through 1.9.0-1, update to a version later than 1.9.0-1.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2008-1145
RHSA-2008:0897
RHSA-2008_0897

Affected Products

Red Hat
Ruby