CVE-2021-28966

HIGH7.5EPSS 0.25%

Tempfile on Windows path traversal vulnerability

發布日:2021/5/6修改日:2025/12/3
也稱為:GHSA-46f2-3v63-3xrpALPINE-CVE-2021-28966BIT-ruby-2021-28966BIT-ruby-min-2021-28966

描述

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

受影響套件(4)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1HIGH7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(11)