CVE-2018-1000079

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.jruby/jruby-stdlib

Identifiers

GHSA-8qxg-mff5-j3wc, CVE-2018-1000079

Package Slug

maven/org.jruby/jruby-stdlib

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

RubyGems in the Ruby 2.2 series (2.2.9 and earlier), Ruby 2.3 series (2.3.6 and earlier), Ruby 2.4 series (2.4.3 and earlier), and Ruby 2.5 series (2.5.0 and earlier), prior to trunk revision 62422, contains a directory traversal vulnerability in gem installation that can allow a gem to write to arbitrary filesystem locations during installation. The attack appears to be exploitable when the victim installs a malicious gem. The vulnerability appears to have been fixed in 2.7.6.
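
A defensive pre-install audit for the class of bug described above, as an added example (not the RubyGems fix and not code from this advisory): it reads a tar stream, such as a gem's unpacked `data.tar.gz`, and reports entry names that would resolve outside the install directory. The sample entry names and the destination `/opt/gems/demo-1.0` are constructed; the check is lexical only and does not cover symlink entries.

```ruby
require "rubygems/package"
require "stringio"

# Constructed sample: entry names for an in-memory tar archive.
SAMPLE_NAMES = [
  "lib/demo.rb",          # normal file
  "lib/../README.md",     # contains "..", but still resolves inside
  "../../outside.txt",    # climbs out of the destination
  "lib/../../escape.rb",  # climbs out after a benign-looking prefix
  "/tmp/absolute.txt"     # absolute path ignores the destination
].freeze

# Builds a small tar archive in memory so the example runs offline.
def build_sample_tar(names = SAMPLE_NAMES)
  io = StringIO.new(String.new) # binary buffer
  Gem::Package::TarWriter.new(io) do |tar|
    names.each do |name|
      tar.add_file_simple(name, 0o644, 4) { |f| f.write("demo") }
    end
  end
  io.rewind
  io
end

# Returns the entry names that would land outside dest_dir if extracted.
def escaping_entries(tar_io, dest_dir)
  root = File.expand_path(dest_dir)
  escaping = []
  Gem::Package::TarReader.new(tar_io) do |tar|
    tar.each do |entry|
      name = entry.full_name
      # Resolve the name against the destination, collapsing "." and "..".
      target = File.expand_path(name, root)
      inside = target == root || target.start_with?(root + File::SEPARATOR)
      escaping << name unless inside
    end
  end
  escaping
end

if __FILE__ == $PROGRAM_NAME
  bad = escaping_entries(build_sample_tar, "/opt/gems/demo-1.0")
  puts bad.empty? ? "all entries stay inside" : "refuse to install: #{bad.inspect}"
end
```
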

Affected Versions

All versions before 9.1.16.0

Solution

Upgrade to version 9.1.16.0 or above.

Last Modified

2023-03-10
