RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-13T15:00:00
Updated: 2020-03-03T18:06:18
Reserved: 2018-02-21T00:00:00
Link: CVE-2018-1000079
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-13T15:29:00.783
Modified: 2018-11-30T11:29:05.970
Link: CVE-2018-1000079
JSON object: View
Redhat Information
No data.
CWE