ID CVE-2018-1000073
Summary RubyGems in the Ruby 2.2 series (2.2.9 and earlier), Ruby 2.3 series (2.3.6 and earlier), Ruby 2.4 series (2.4.3 and earlier), Ruby 2.5 series (2.5.0 and earlier), and trunk prior to revision 62422 contains a directory traversal vulnerability in the install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.
Vulnerable Configurations
Base: None
nessus via4
NASL family Fedora Local Security Checks
NASL id FEDORA_2018-40ED78700C.NASL
description Fix: Multiple vulnerabilities in RubyGems in-rubygems/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2018-03-06
modified 2018-03-05
plugin id 107125
published 2018-03-05
reporter Tenable
title Fedora 27 : ruby (2018-40ed78700c)
refmap via4
Last major update 13-03-2018 - 11:29
Published 13-03-2018 - 11:29
Last modified 13-03-2018 - 11:29