cbcvebase.
CVE-2011-1004
published 2011-03-02

CVE-2011-1004: The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136…

PriorityP418medium6.3CVSS 2.0
AVLACMAuNCNICAC
EPSS
0.39%
30.4th percentile
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.

Affected

6 ranges
VendorProductVersion rangeFixed in
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby
ruby-langruby

CVSS provenance

nvdv2.06.3MEDIUMAV:L/AC:M/Au:N/C:N/I:C/A:C
vendor_redhat6.3MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.