0.002 Low
EPSS
Percentile
59.3%
Ruby is vulnerable to directory traversal vulnerability. This is because the methods from the Dir class does not properly handle strings containing the NULL byte. An attacker could inject NULL bytes in a path causing a directory traversal condition.
access.redhat.com/errata/RHSA-2018:3729
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1650591