Description
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Remediation
References
Related Vulnerabilities
WordPress Plugin AccessAlly PHP Code Execution (3.3.1)
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6104)