Directory Traversal Vulnerability in Ruby Library
CVE-2018-6914

7.5 HIGH

Key Information:

Vendor: Ruby-lang

Status
Vendor
CVE Published: 3 April 2018

What is CVE-2018-6914?

The tmpdir library in Ruby is susceptible to a directory traversal vulnerability that allows attackers to create arbitrary directories or files. By providing a specially crafted prefix argument containing the '..' sequence, an attacker could potentially manipulate the directory structure and execute unauthorized file operations. This issue affects several versions of Ruby released before important updates were issued in March 2018. It underscores the importance of keeping software up-to-date to thwart exploitation attempts.
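A defensive pattern for callers that pass a user-influenced prefix to `Dir.mktmpdir`, shown as an added example that is not code from this page or from the Ruby project. The helper names `safe_tmp_prefix` and `make_contained_tmpdir` are hypothetical, and the sample prefixes are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not part of Ruby's tmpdir library): reduce an
# untrusted prefix to one safe file-name fragment.
def safe_tmp_prefix(untrusted, fallback: "tmp")
  # Allowlist: anything else, including "/" and "\", becomes "_".
  name = untrusted.to_s.gsub(/[^A-Za-z0-9_.-]/, "_")
  # Without separators ".." cannot traverse; drop leading dots anyway so the
  # result is never ".", ".." or a hidden name. Cap the length at 64.
  name = name.sub(/\A\.+/, "")[0, 64]
  name.empty? ? fallback : name
end

# Hypothetical wrapper: create the directory, then verify containment.
def make_contained_tmpdir(untrusted_prefix, base: Dir.tmpdir)
  base_real = File.realpath(base)
  path = Dir.mktmpdir(safe_tmp_prefix(untrusted_prefix), base_real)
  real = File.realpath(path)
  # Defence in depth: the new directory must be a direct child of base.
  unless File.dirname(real) == base_real
    FileUtils.remove_entry(path)
    raise ArgumentError, "temporary directory escaped #{base_real}"
  end
  real
end

if __FILE__ == $PROGRAM_NAME
  base = Dir.mktmpdir("demo_base") # constructed sandbox directory
  begin
    # Constructed sample prefixes, including traversal attempts.
    ["report", "../../outside", "..", "..\\..\\x"].each do |prefix|
      dir = make_contained_tmpdir(prefix, base: base)
      puts "#{prefix.inspect} -> #{File.basename(dir)}"
    end
  ensure
    FileUtils.remove_entry(base)
  end
end
```

The same sanitized prefix can be passed to `Tempfile.new` or `Tempfile.create` when a file rather than a directory is needed.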

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
