CVE-2018-8780

Description

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty methods do not check for NUL characters. When one of these methods is called with such a path, unintentional directory traversal may be performed.

Risk Information

Base Score: 9.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 1.344

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in macOS Mojave 10.14.1 | Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot Automatically | Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot Automatically | Mac
(RHSA-2019:2028) ruby security update ruby-2.0.0.648-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update ruby-devel-2.0.0.648-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update ruby-doc-2.0.0.648-36.el7.noarch.rpm | Linux
(RHSA-2019:2028) ruby security update ruby-irb-2.0.0.648-36.el7.noarch.rpm | Linux
(RHSA-2019:2028) ruby security update ruby-libs-2.0.0.648-36.el7.i686.rpm | Linux
(RHSA-2019:2028) ruby security update ruby-libs-2.0.0.648-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update ruby-tcltk-2.0.0.648-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-io-console-0.4.2-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-json-1.7.7-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-minitest-4.3.2-36.el7.noarch.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-psych-2.0.0-36.el7.x86_64.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-rake-0.9.6-36.el7.noarch.rpm | Linux
(RHSA-2019:2028) ruby security update rubygem-rdoc-4.0.0-36.el7.noarch.rpm | Linux
(RHSA-2019:2028) ruby security update rubygems-2.0.14.1-36.el7.noarch.rpm | Linux
(RHSA-2019:2028) ruby security update rubygems-devel-2.0.14.1-36.el7.noarch.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) libruby2_1-2_1-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) ruby2.1-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) ruby2.1-debugsource-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) ruby2.1-stdlib-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP4) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) libruby2_1-2_1-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) ruby2.1-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) ruby2.1-debugsource-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) ruby2.1-stdlib-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
SUSE-SU-2020:1570-1 (SUSE Linux Enterprise Server 12-SP5) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpm | Linux
(RHSA-2019:2028) Moderate: security update ruby-debuginfo-2.0.0.648-36.el7.i686.rpm | Linux
(RHSA-2019:2028) Moderate: security update ruby-debuginfo-2.0.0.648-36.el7.x86_64.rpm | Linux
Ruby update (ELSA-2019-2028) ruby-2.0.0.648-36.el7.x86_64.rpm | Linux
Ruby-irb update (ELSA-2019-2028) ruby-irb-2.0.0.648-36.el7.noarch.rpm | Linux
Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.i686.rpm | Linux
Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.x86_64.rpm | Linux
Rubygem-bigdecimal update (ELSA-2019-2028) rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm | Linux
Rubygem-io-console update (ELSA-2019-2028) rubygem-io-console-0.4.2-36.el7.x86_64.rpm | Linux
Rubygem-json update (ELSA-2019-2028) rubygem-json-1.7.7-36.el7.x86_64.rpm | Linux
Rubygem-psych update (ELSA-2019-2028) rubygem-psych-2.0.0-36.el7.x86_64.rpm | Linux
Rubygem-rdoc update (ELSA-2019-2028) rubygem-rdoc-4.0.0-36.el7.noarch.rpm | Linux
Rubygems update (ELSA-2019-2028) rubygems-2.0.14.1-36.el7.noarch.rpm | Linux
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2018-8780) | NCM

Patch Details

Patch ID | Patch Description
PATCH-602004 | macOS Mojave 10.14.6
PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
