In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1131465 | Exploit Issue Tracking Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210902-0004/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-27T16:01:12
Updated: 2021-09-02T08:06:33
Reserved: 2021-03-22T00:00:00
Link: CVE-2021-28966
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-30T14:15:16.303
Modified: 2022-08-12T18:27:19.153
Link: CVE-2021-28966
JSON object: View
Redhat Information
No data.
CWE