CVE-2008-1891: Path Traversal in Ruby

CWE-22: Path Traversal | 5 documents | 5 sources

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.3% (top 47.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 18
Latest update: May 1

Description

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality an

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | ruby-lang/ruby | 1.9.0+2

🔴 Vulnerability Details (2)

GHSA | GHSA-rhf2-x48g-5wr7: Directory traversal vulnerability in WEBrick in Ruby 1 | 2022-05-01
CVEList | CVE-2008-1891: Directory traversal vulnerability in WEBrick in Ruby 1 | 2008-04-18

📋 Vendor Advisories (1)

Red Hat | ruby: WEBrick CGI source disclosure | 2008-04-15

💬 Community (1)

Bugzilla | CVE-2008-1891 ruby: WEBrick CGI source disclosure | 2008-04-23