CVE Vulnerabilities

CVE-2012-4522

Published: Nov 24, 2012 | Modified: May 04, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Affected Software

Name Vendor Start Version End Version
Ruby Ruby-lang 2.0.0 2.0.0
Ruby Ruby-lang 1.9.3 1.9.3

References