There is an unintentional directory traversal in some methods in Dir . This vulnerability has been assigned the CVE identifier CVE-2018-8780. DetailsDir.open , Dir.new , Dir.entries and Dir.empty? accept the path of the target directory as their parameter. If the parameter contains NUL (\0 ) bytes, these methods recognize that the path is completed before the NUL bytes. So, if a script accepts an external input as the argument of these methods, the attacker can make the unintentional directory traversal.
All users running an affected release should upgrade immediately. Affected Versions- Ruby 2.2 series: 2.2.9 and earlier
- Ruby 2.3 series: 2.3.6 and earlier
- Ruby 2.4 series: 2.4.3 and earlier
- Ruby 2.5 series: 2.5.0 and earlier
- Ruby 2.6 series: 2.6.0-preview1
- prior to trunk revision r62989
CreditThanks to ooooooo_q for reporting the issue. History- Originally published at 2018-03-28 14:00:00 (UTC)
Posted by usa on 28 Mar 2018 |