Unintentional Directory Traversal Vulnerability in Ruby's Dir Methods
CVE-2018-8780 · HIGH Severity
CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check for NULL characters in the path they are given. As a result, calling any of these methods may perform an unintentional directory traversal.
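A defensive check for the issue described above, as an added example that is not part of the advisory or of Ruby itself: `affected_ruby?` encodes the version ranges listed, and `safe_entries` rejects NUL bytes and paths outside a base directory before calling `Dir.entries`. The names `FIXED_IN`, `affected_ruby?`, `UnsafePathError` and `safe_entries` are hypothetical.

```ruby
require "rubygems" # Gem::Version, used to compare release numbers

# First fixed release on each branch, taken from the advisory text.
FIXED_IN = {
  "2.2" => "2.2.10",
  "2.3" => "2.3.7",
  "2.4" => "2.4.4",
  "2.5" => "2.5.1"
}.freeze

# True if a Ruby release string (e.g. from a host inventory) falls in the
# affected ranges. Hypothetical helper, not a Ruby or RubyGems API.
def affected_ruby?(version)
  return true if version == "2.6.0-preview1"

  v = Gem::Version.new(version)
  return true if v < Gem::Version.new("2.2.0") # anything older is "before 2.2.10"

  fixed = FIXED_IN[v.segments.first(2).join(".")]
  fixed ? v < Gem::Version.new(fixed) : false
end

class UnsafePathError < ArgumentError; end

# Lists a directory named by untrusted input, but only below base_dir.
# The NUL check is done explicitly so it does not depend on the interpreter
# version; the containment check covers ordinary "../" traversal as well.
def safe_entries(base_dir, user_path)
  raise UnsafePathError, "NUL byte in path" if user_path.include?("\0")

  base   = File.realpath(base_dir)
  target = File.realpath(File.expand_path(user_path, base)) # resolves symlinks
  inside = target == base || target.start_with?(base + File::SEPARATOR)
  raise UnsafePathError, "path escapes base directory" unless inside

  Dir.entries(target) - %w[. ..]
end
```

Upgrading to a fixed release remains the actual remediation; the explicit check keeps application behaviour the same on hosts that have not been patched yet.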