Description
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
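An application-level guard for the issue described above, as an added example that is not code from Ruby or from this advisory: it rejects file names containing a NUL byte before they reach any file API, and shows the name the operating system would see if the string were truncated at the NUL. The helper names, the extension allowlist and the sample inputs are assumptions constructed for illustration.

```ruby
require "pathname"

class UnsafePathError < StandardError; end

# Assumed upload policy for this example only.
ALLOWED_EXTENSIONS = %w[.jpg .png].freeze

# Hypothetical helper: validate an untrusted file name and return its
# absolute path directly under base_dir, or raise UnsafePathError.
def safe_upload_path(base_dir, name)
  name = String(name)
  # C string APIs stop at the first NUL, so a check made on the full Ruby
  # string (such as the extension test below) would not match the file
  # actually created. Reject before anything else looks at the name.
  raise UnsafePathError, "NUL byte in file name" if name.include?("\0")
  raise UnsafePathError, "separator in file name" if name.match?(%r{[/\\]})
  raise UnsafePathError, "reserved name" if ["", ".", ".."].include?(name)
  unless ALLOWED_EXTENSIONS.include?(File.extname(name).downcase)
    raise UnsafePathError, "extension not allowed"
  end
  base = Pathname.new(base_dir).expand_path
  target = base.join(name).cleanpath
  raise UnsafePathError, "escapes base directory" unless target.parent == base
  target.to_s
end

# The portion of a name a NUL-terminated C string would carry.
def name_seen_by_os(name)
  name.split("\0", 2).first.to_s
end

# True when safe_upload_path refuses the name.
def rejected?(base_dir, name)
  safe_upload_path(base_dir, name)
  false
rescue UnsafePathError
  true
end

# True when the running interpreter itself refuses NUL bytes in paths
# (read-only open, so nothing is created either way).
def interpreter_rejects_nul?
  File.open("nul-check\0.txt", "r") { }
  false
rescue ArgumentError
  true
rescue SystemCallError
  false
end
```
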
Remediation
References