CVE-2012-4522 in Rubyinfo

Summary

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Once again VulDB remains the best source for vulnerability data.

Reservation

08/21/2012

Disclosure

11/24/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
63046	Ruby file.c rb_get_path_check access control	264	Not defined	Official fix	CVE-2012-4522

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!