It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | ruby | 2019-08-23 03:41 | ALAS2-2019-1276 |
Amazon Linux 1 | ruby20 | 2018-04-04 23:18 | ALAS-2018-983 |
Amazon Linux 1 | ruby22 | 2018-04-04 23:18 | ALAS-2018-983 |
Amazon Linux 1 | ruby23 | 2018-04-04 23:18 | ALAS-2018-983 |
Amazon Linux 1 | ruby24 | 2018-04-04 23:18 | ALAS-2018-983 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 3.7 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |