Description

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Remediation

References

CVE-2012-4522

Related Vulnerabilities

WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (3.2.3)

WordPress Plugin ImportWP-Import any XML or CSV File into WordPress Security Bypass (1.1.5)

WordPress Plugin WP Add Mime Types Cross-Site Request Forgery (2.2.1)

WordPress Plugin Coming Soon & Maintenance Mode Page Cross-Site Request Forgery (1.57)

Oracle HTTP Server Other Vulnerability (CVE-2007-0281)

Severity

Medium

Classification

CVE-2012-4522 CWE-264

Tags

Missing Update Known Vulnerabilities