CVE-2012-4522

CVSS v2.0 5 (Medium)

EPSS 0.39 % (74^th)

Affected Products 1

Advisories 9

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-11-24 20:55:03
(11 years ago)
Updated Date: 2013-05-04 03:20:45
(11 years ago)

Affected Products

Ruby-lang

Ruby

Configuration #1

		CPE23	From	Up To
	Ruby-lang Ruby 1.9.3	cpe:2.3:a:ruby-lang:ruby:1.9.3
	Ruby-lang Ruby 2.0.0	cpe:2.3:a:ruby-lang:ruby:2.0.0