Vulnerabilities

CVE-2019-11879

by Fred · 10/05/2019

** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem."

Date published : 2019-05-10

https://bugs.ruby-lang.org/issues/15835

Similar

Tags: Cybersecurity Alert