Unintentional Directory Traversal Vulnerability in Ruby's Dir Methods

CVE-2018-8780 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the `Dir.open`, `Dir.new`, `Dir.entries` and `Dir.empty?` methods do not check for NUL characters in the path they are given. As a result, calling any of these methods may perform unintentional directory traversal.
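A defensive wrapper for the `Dir` methods named above, as an added Ruby example that is not part of the original advisory or of Ruby itself; `safe_entries`, `UnsafePathError` and the temporary directory layout are assumptions made for illustration. It rejects NUL bytes before the path reaches `Dir.entries`, then confirms the resolved path stays inside the base directory.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical error class and helper (not part of Ruby's standard library).
class UnsafePathError < ArgumentError; end

# List a caller-selected subdirectory of base_dir, refusing any input that
# contains a NUL byte or that resolves outside base_dir.
def safe_entries(base_dir, user_path)
  user_path = String(user_path)
  # On affected Ruby versions the Dir methods do not reject NUL bytes, so
  # the check has to happen before the path is handed to them.
  raise UnsafePathError, "NUL byte in path" if user_path.include?("\0")

  base = File.realpath(base_dir)
  target = File.expand_path(user_path, base)
  # Resolve symlinks so the containment check sees the real location.
  target = File.realpath(target) if File.exist?(target)
  unless target == base || target.start_with?(base + File::SEPARATOR)
    raise UnsafePathError, "path escapes base directory"
  end

  Dir.entries(target) - %w[. ..]
end

# Constructed demo data: base/public/a.txt plus a sibling directory that
# must never be listed through safe_entries.
def demo
  Dir.mktmpdir do |root|
    base = File.join(root, "base")
    FileUtils.mkdir_p(File.join(base, "public"))
    FileUtils.mkdir_p(File.join(root, "secret"))
    FileUtils.touch(File.join(base, "public", "a.txt"))

    ["public", "public\0ignored", "../secret"].map do |input|
      begin
        [input, safe_entries(base, input)]
      rescue UnsafePathError => e
        [input, e.message]
      end
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The explicit NUL check is still worth keeping on fixed Ruby versions, because it turns the rejection into an application-level error that can be logged and alerted on.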
