The FileUtils.remove_entry_secure method in Ruby 1.8.6 up to and including 1.8.6-420, 1.8.7 up to and including 1.8.7-330, 1.8.8dev, 1.9.1 up to and including 1.9.1-430, 1.9.2 up to and including 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ruby-lang ruby 1.9.2 |
||
ruby-lang ruby 1.9.3 |
||
ruby-lang ruby 1.8.6 |
||
ruby-lang ruby 1.8.7 |
||
ruby-lang ruby 1.8.8 |
||
ruby-lang ruby 1.9.1 |