GHSA-46f2-3v63-3xrp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-46f2-3v63-3xrp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-46f2-3v63-3xrp/GHSA-46f2-3v63-3xrp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-46f2-3v63-3xrp
- Aliases
- Published
- 2021-05-06T15:01:36Z
- Modified
- 2024-02-16T08:20:49.960411Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Tempfile on Windows path traversal vulnerability
- Details
-
There is an unintentional directory creation vulnerability in
tmpdirlibrary bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally. - Database specific
{ "nvd_published_at": "2021-07-30T14:15:00Z", "cwe_ids": [ "CWE-22" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-05-06T15:01:12Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-28966
- https://github.com/ruby/tmpdir/pull/8
- https://github.com/ruby/tmpdir/commit/93798c01cb7c10476e50a4d80130a329ba47f348
- https://hackerone.com/reports/1131465
- https://github.com/ruby/tmpdir
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/tmpdir/CVE-2021-28966.yml
- https://rubygems.org/gems/tmpdir
- https://security.netapp.com/advisory/ntap-20210902-0004
- https://www.ruby-lang.org/en/news/2021/04/05/tempfile-path-traversal-on-windows-cve-2021-28966
Affected packages
RubyGems / tmpdir
Package
- Name
- tmpdir
- Purl
- pkg:gem/tmpdir