CVE-2021-28966

Name
CVE-2021-28966
Description
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1131465
Third Party Advisory https://security.netapp.com/advisory/ntap-20210902-0004/

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ruby 3.10-main 2.5.9-r0 Natanael Copa <ncopa@alpinelinux.org> fixed