Remote Code Execution Vulnerability in Ruby on Windows via Crafted TmpDir Parameter
CVE-2021-28966 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Learn more about our Web App Pen Testing.