Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby 安全漏洞
Vulnerability Description
Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。 Ruby中的Dir.open、Dir.new、Dir.entries和Dir.empty?方法存在安全漏洞,该漏洞源于程序没有检测空字符。远程攻击者可通过发送HTTP请求,提交恶意输入利用该漏洞遍历任意路径并访问敏感信息。以下版本受到影响:Ruby 2.2.10之前的版本,2.3.7之前的2.3.x版本,2.4.4之前的2.4.x版本,2.5.1之前的2.5.x版本,2.6.0-preview1版本。
CVSS Information
N/A
Vulnerability Type
N/A