Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RubyGems Path Traversal Vulnerability
Vulnerability Description
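RubyGems is a Ruby package manager from the RubyGems organization. The product is mainly used to publish and manage Ruby packages. A directory traversal vulnerability exists in RubyGems versions 2.7.6 through 3.0.2. An attacker could exploit this vulnerability to delete arbitrary files on the user's device, causing data loss or an unusable system.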
CVSS Information
N/A
Vulnerability Type
N/A