CVE-2018-6914 — Path Traversal in Ruby
Severity
7.5HIGHNVD
EPSS
2.4%
top 15.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 3
Latest updateMay 14
Description
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 6.0, 7.0, 7.4, 7.5, 7.6
Patches
🔴Vulnerability Details
4📋Vendor Advisories
4Apple▶
CVE-2018-6914: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra↗2018-10-30
Apple▶
CVE-2018-6914: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan↗2018-07-09
Red Hat▶
ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir↗2018-03-28