Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
| Software | From | Fixed in |
|---|---|---|
| ruby-lang / ruby | - | 2.7.3 |
| ruby-lang / ruby | 3.0.0 | 3.0.1 |
tmpdir
|
- | 0.1.2 |
- https://github.com/ruby/tmpdir/commit/93798c01cb7c10476e50a4d80130a329ba47f348
- https://github.com/ruby/tmpdir/pull/8
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/tmpdir/CVE-2021-28966.yml
- https://hackerone.com/reports/1131465
- https://rubygems.org/gems/tmpdir
- https://security.netapp.com/advisory/ntap-20210902-0004/
- https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966/