PT-2021-18004 · Ruby · Ruby

Bugdiscloseguys +1 · Published 2021-04-05 · Updated 2025-01-27 · CVE-2021-28966

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Ruby 2.7.2 and earlier, and Ruby 3.0.0, on Windows; specifically the bundled tmpdir library (Dir.mktmpdir) and the tempfile library (Tempfile), which builds its file names through tmpdir. Fixed in Ruby 2.6.7, 2.7.3 and 3.0.1.
Description: Dir.mktmpdir and Tempfile accept a caller-supplied prefix (and suffix) for the name of the directory or file they create under the system temporary directory. On Windows the check applied to that prefix was insufficient, so a prefix carrying relative path components such as "..\" could make the directory or file be created outside the intended temporary directory. This is an unintentional directory creation vulnerability in tmpdir and, because tempfile uses tmpdir internally, an unintentional file creation vulnerability in tempfile. A remote attacker who controls a request parameter that a Web application forwards as that prefix can therefore create a directory or file at an attacker-chosen location; the CVSS vector reflects a high integrity impact with no confidentiality or availability impact.
Recommendations: Upgrade to Ruby 2.6.7, 2.7.3, 3.0.1 or later (or the matching fixed version of the tmpdir gem). Where an upgrade is not yet possible, do not pass untrusted input as the prefix or suffix argument of Dir.mktmpdir, Tempfile.new or Tempfile.create; validate the value against an allowlist of plain name characters (no "/", "\", ":" or "..") before it reaches either library, or use a fixed prefix and keep the user-supplied value elsewhere (for example as file content or as a key in your own mapping).
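The following is an added example, not code from the advisory and not the tmpdir library's own fix. It shows the unsafe pattern the advisory describes (a request parameter passed straight through as the mktmpdir/Tempfile prefix) next to one hardening: an allowlist check on the prefix before it reaches either library, plus a defence-in-depth check that whatever was created actually lies inside Dir.tmpdir. The allowlist regex, the helper names and the sample prefixes are this example's own assumptions; the only library calls are Dir.mktmpdir, Dir.tmpdir and Tempfile.create from Ruby's standard library.

```ruby
# Added example for CVE-2021-28966 (not from the advisory or from Ruby's tmpdir).
require "tmpdir"
require "tempfile"

# Hypothetical allowlist for a caller-supplied prefix: letters, digits, "_" and "-",
# 1..64 characters. It rejects "/", "\", ":", "." and NUL, so neither POSIX nor
# Windows path separators and no ".." component can reach the tmpdir library.
SAFE_PREFIX = /\A[A-Za-z0-9_-]{1,64}\z/

# Returns the prefix unchanged if it is a plain name, otherwise raises ArgumentError.
def validate_tmp_prefix(prefix)
  prefix = String(prefix)
  unless SAFE_PREFIX.match?(prefix)
    raise ArgumentError, "unsafe tmp prefix: #{prefix.inspect}"
  end
  prefix
end

# Vulnerable pattern: the request parameter is the prefix. On the affected
# Ruby-on-Windows builds a value such as "..\\..\\evil" made Dir.mktmpdir
# create the directory outside Dir.tmpdir. Kept here only for contrast.
def unsafe_mktmpdir(param)
  Dir.mktmpdir(param)
end

# Hardened pattern: validate first, then create. With a block, Dir.mktmpdir
# removes the directory when the block returns and returns the block's value.
def safe_mktmpdir(param, &block)
  Dir.mktmpdir(validate_tmp_prefix(param), &block)
end

# Same check in front of Tempfile, which names its file through tmpdir.
# Tempfile.create with a block unlinks the file afterwards.
def safe_tempfile(param, &block)
  Tempfile.create(validate_tmp_prefix(param), &block)
end

# Defence in depth: true only if path resolves to a location strictly inside
# Dir.tmpdir. Run this on whatever the library actually handed back.
def inside_tmpdir?(path)
  root = File.expand_path(Dir.tmpdir)
  File.expand_path(path).start_with?(root + File::SEPARATOR)
end
```

Validation is deliberately an allowlist rather than a search for ".." or a single separator character: the bug was precisely that the original check missed the Windows separator, and an allowlist does not need to enumerate every separator, drive letter or encoding trick a platform might accept.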

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BIT-RUBY-2021-28966
BIT-RUBY-MIN-2021-28966
CVE-2021-28966
GHSA-46F2-3V63-3XRP

Affected Products

Ruby