Description
RubyGems in Ruby 2.2 series (2.2.9 and earlier), Ruby 2.3 series (2.3.6 and earlier), Ruby 2.4 series (2.4.3 and earlier), Ruby 2.5 series (2.5.0 and earlier), and trunk prior to revision 62422 contains a Directory Traversal vulnerability in the install_location function of package.rb. It can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.
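The symlinked-basedir case described above, as an added Ruby example (not RubyGems' own code and not from this page): a purely lexical containment check accepts a path that passes through a symlink, while a check that resolves real paths rejects it. The function names, the `linked` symlink and the temporary directory layout are constructed for illustration.

```ruby
require "fileutils"
require "pathname"
require "tmpdir"

# Lexical check: collapses ".." but never consults the filesystem, so a
# symlink below the destination looks like an ordinary directory.
def lexical_install_location(filename, destination_dir)
  base = File.expand_path(destination_dir)
  destination = File.expand_path(File.join(base, filename))
  unless destination.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "#{filename} escapes #{base}"
  end
  destination
end

# Symlink-aware check: resolve the deepest ancestor that already exists and
# require its real path to stay under the real destination root.
def resolved_install_location(filename, destination_dir)
  root = File.realpath(destination_dir)
  destination = lexical_install_location(filename, root)
  raise ArgumentError, "#{filename} is a symlink" if File.symlink?(destination)
  parent = Pathname.new(destination).parent
  parent = parent.parent until parent.exist?
  real = parent.realpath.to_s
  unless real == root || real.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "#{filename} resolves outside #{root}"
  end
  destination
end

# Runs one check and reports whether the path was accepted or rejected.
def verdict(check, name, root)
  send(check, name, root)
  :accepted
rescue ArgumentError
  :rejected
end

# Constructed layout: <tmp>/gems/pkg-1.0/linked -> <tmp>/outside
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "gems", "pkg-1.0")
    FileUtils.mkdir_p([root, File.join(tmp, "outside")])
    File.symlink(File.join(tmp, "outside"), File.join(root, "linked"))
    { lexical_dotdot: verdict(:lexical_install_location, "../x.rb", root),
      lexical_symlink: verdict(:lexical_install_location, "linked/x.rb", root),
      resolved_symlink: verdict(:resolved_install_location, "linked/x.rb", root),
      resolved_normal: verdict(:resolved_install_location, "lib/x.rb", root) }
  end
end
```

A check of this kind has to run for each file immediately before it is written, because the directory tree can change between one write and the next.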