RubySec

Providing security resources for the Ruby community

GHSA-29g5-m8v7-v564 (measured): Measured is vulnerable to Path Traversal attacks during class initialization

GEM

measured

PATCHED VERSIONS

  • >= 3.2.1

DESCRIPTION

Impact

A path traversal vulnerability exists in the initialization of the Measured::Cache::Json class. An attacker who is able to manipulate the inputs passed when the class is initialized can instruct the library to read arbitrary files.

Patches

Users should update to the latest version.
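
For code that passes a file name into a loader of this kind, the following added Ruby example shows a containment check that rejects names resolving outside the cache directory. It is not the measured gem's code or its actual patch: the `SafeJsonCache` class, its constructor arguments and the sample files are hypothetical and constructed here.

```ruby
require "json"
require "pathname"
require "tmpdir"

# Hypothetical cache reader, NOT the measured gem's code. It resolves a
# caller-supplied file name against a fixed cache directory and refuses any
# name whose resolved path leaves that directory.
class SafeJsonCache
  class UnsafePathError < ArgumentError; end

  def initialize(cache_dir, filename)
    base = Pathname.new(cache_dir).realpath
    # expand_path collapses "." and ".." segments; an absolute filename
    # replaces the base entirely, which the containment check also catches.
    candidate = Pathname.new(File.expand_path(filename.to_s, base.to_s))
    # Resolve symlinks when the target exists so a link inside the cache
    # directory cannot point outside it.
    candidate = candidate.realpath if candidate.exist?
    unless candidate.to_s.start_with?(base.to_s + File::SEPARATOR)
      raise UnsafePathError, "cache file escapes #{base}: #{filename.inspect}"
    end
    @path = candidate
  end

  def read
    JSON.parse(@path.read)
  end
end

# Constructed demo: a cache directory with one JSON file and a sibling file
# outside it that must stay unreadable through the cache class.
def demo
  Dir.mktmpdir do |root|
    cache = File.join(root, "cache")
    Dir.mkdir(cache)
    File.write(File.join(cache, "length.json"), '{"m":"1"}')
    File.write(File.join(root, "secret.json"), '{"k":"v"}')
    results = { ok: SafeJsonCache.new(cache, "length.json").read }
    ["../secret.json", File.join(root, "secret.json"), "a/../../secret.json"].each do |name|
      results[name] = begin
        SafeJsonCache.new(cache, name).read
      rescue SafeJsonCache::UnsafePathError
        :rejected
      end
    end
    results
  end
end
```

The check compares the fully resolved path against the cache directory plus a trailing separator, so a sibling directory whose name merely starts with the cache directory's name does not pass.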
