CVE-2017-0901

Summary

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

Affected Software

VendorProductVersion RangeStatus
HackerOneRubyGemsVersions before 2.6.13affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'Ûª) (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References