Ruby is vulnerable to directory traversal vulnerability. This exists in install_location
function of package.rb
that could result in path traversal when writing to a symlinked basedir outside of the root.
blog.rubygems.org/2018/02/15/2.7.6-released.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
access.redhat.com/errata/RHSA-2018:3729
access.redhat.com/errata/RHSA-2018:3730
access.redhat.com/errata/RHSA-2018:3731
access.redhat.com/errata/RHSA-2019:2028
access.redhat.com/errata/RHSA-2020:0542
access.redhat.com/errata/RHSA-2020:0591
access.redhat.com/errata/RHSA-2020:0663
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1650591
github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
lists.debian.org/debian-lts-announce/2018/08/msg00028.html
usn.ubuntu.com/3621-1/
www.debian.org/security/2018/dsa-4219
www.debian.org/security/2018/dsa-4259