Description
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
Remediation
References
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2007-2692)
WordPress Plugin Download Monitor Cross-Site Scripting (3.3.6.1)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (4.0.3)
ownCloud Resource Management Errors Vulnerability (CVE-2015-4717)
WordPress Plugin WP Safe Search 'v1' Parameter Cross-Site Scripting (0.7)