Description
RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Remediation
References