CVE-2021-28966 (tmpdir): Path traversal in Tempfile on Windows

ADVISORIES

CVE-2021-28966 (NVD)
GHSA-46f2-3v63-3xrp
Vendor Advisory

GEM

tmpdir

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

>= 0.1.2

DESCRIPTION

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally.

CVE-2018-6914 (NVD)
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/

RubySec

CVE-2021-28966 (tmpdir): Path traversal in Tempfile on Windows

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories