Description
RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Remediation
References