CVE-2021-28966
Published 2021-07-30
Priority: P357 · high · CVSS 3.1 base score 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 58.04% (99.0th percentile)
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Affected
17 ranges reported (identical rows shown once)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby2.7 | — | — |
| ruby-lang | ruby | < 2.7.3 | 2.7.3 |
| ruby-lang | ruby | >= 0 < 2.5.9-r0 | 2.5.9-r0 |
| ruby-lang | ruby | >= 0 < 2.6.7-r0 | 2.6.7-r0 |
| ruby-lang | ruby | >= 0 < 2.7.3-r0 | 2.7.3-r0 |
| ruby-lang | ruby | >= 3.0.0 < 3.0.1 | 3.0.1 |
Detection & IOCs (extracted from sources)
- Vulnerability is Windows-platform specific only; Ruby on Linux/macOS is not affected by this TmpDir path traversal issue.
- Debian bullseye has resolved this CVE; patched packages are available for that distribution.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
OSV
CVE-2021-28966: In Ruby through 3
osv · 2021-07-30 · CVSS 7.5 · HIGH
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
GHSA
Tempfile on Windows path traversal vulnerability
ghsa · 2021-05-06 · HIGH · CWE-22
There is an unintentional directory creation vulnerability in the `tmpdir` library bundled with Ruby on Windows, and there is also an unintentional file creation vulnerability in the `tempfile` library bundled with Ruby on Windows, because it uses `tmpdir` internally.
OSV
Tempfile on Windows path traversal vulnerability
osv · 2021-05-06 · HIGH
There is an unintentional directory creation vulnerability in the `tmpdir` library bundled with Ruby on Windows, and there is also an unintentional file creation vulnerability in the `tempfile` library bundled with Ruby on Windows, because it uses `tmpdir` internally.
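The web-application side of the issue both advisories above describe is a request parameter reaching `Dir.mktmpdir` as a prefix. The following is an added defensive example, not code from Ruby or from either advisory: it assumes that call pattern, allowlists the prefix so neither `/` nor `\` nor a traversal component can reach `tmpdir`, and then confirms the created directory still sits directly under `Dir.tmpdir`.

```ruby
require "tmpdir"

# Added example, not Ruby's or the advisories' code. Assumes the application
# passes a request parameter straight to Dir.mktmpdir as the prefix (the exact
# call site in any given app is an assumption). The allowlist treats "/" and
# "\" alike, so the check behaves the same on Windows and on Unix.
SAFE_TMP_PREFIX = /\A[A-Za-z0-9._-]{1,64}\z/

class UnsafeTmpPrefix < ArgumentError; end

# True only for a plain file-name fragment: no separator of either kind,
# no drive letter or colon, no NUL, and not "." or "..".
def safe_tmp_prefix?(value)
  return false unless value.is_a?(String)
  return false if value == "." || value == ".."
  value.match?(SAFE_TMP_PREFIX)
end

# Creates the directory only for an allowlisted prefix, then verifies that the
# result sits directly under Dir.tmpdir, so a regression in the library check
# surfaces as an error instead of a stray directory elsewhere on disk.
def mktmpdir_for(param)
  raise UnsafeTmpPrefix, "rejected tmpdir prefix #{param.inspect}" unless safe_tmp_prefix?(param)
  Dir.mktmpdir(param) do |dir|
    parent = File.dirname(File.expand_path(dir))
    unless parent == File.expand_path(Dir.tmpdir)
      raise UnsafeTmpPrefix, "temp dir #{dir} escaped #{Dir.tmpdir}"
    end
    yield dir if block_given?
    File.basename(dir)
  end
end

# Constructed sample parameter values, as a request handler might receive them.
SAMPLE_PARAMS = [
  "upload",                   # allowed
  "..\\..\\Windows\\Temp\\x", # backslash traversal, the Windows case here
  "../../var/www/x",          # forward-slash traversal
  "C:evil",                   # drive-relative path
  "ok\0hidden",               # embedded NUL
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE_PARAMS.each do |p|
    puts "#{p.inspect} -> #{safe_tmp_prefix?(p) ? 'allowed' : 'rejected'}"
  end
  puts "created #{mktmpdir_for('upload')}"
end
```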
Debian
CVE-2021-28966: ruby2.7 - In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when...
vendor_debian · 2021 · CVSS 7.5 · HIGH
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Scope: local
bullseye: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-30