BIT-ruby-2021-28966

Import Source

https://github.com/bitnami/vulndb/tree/main/data/ruby/BIT-ruby-2021-28966.json

Aliases

• CVE-2021-28966
• GHSA-46f2-3v63-3xrp

Published

2024-03-06T11:05:31.087Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

References

• https://hackerone.com/reports/1131465
• https://security.netapp.com/advisory/ntap-20210902-0004/