Vulnerability identifier: #VU11538
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to write arbitrary files on the target system.
The weakness exists in the Dir.mktmpdir method in the tmpdir library due to path traversal. A remote attacker can create a directory or a file at any directory in the prefix argument.
Update to versions 2.2.10, 2.3.7, 2.4.4 or 2.5.1.
Vulnerable software versions
Ruby: 2.2.0 - 2.6.0-preview1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?