You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Ruby-tempfile-mktmpdir-PT.md
+1-1
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ While playing around Ruby we noticed that Ruby's Tempfile/mktmpdir were allowing
6
6
7
7
### CVE-2018-6914 Patch analysis
8
8
9
-
A similar issue was previously reported by @oooooo_q for Linux, where `/` could be used which made path traversal possible on both Linux and Windows. We looked at the patch of this bug, which was relatively straight forward, delete `/` (File::SEPARATOR) and `\` (File::ALT_SEPARATOR, set on windows only) from the input before creating the file.
9
+
A similar issue was previously reported by [@ooooooo_q](https://twitter.com/ooooooo_q) for Linux, where `/` could be used which made path traversal possible on both Linux and Windows. We looked at the patch of this bug, which was relatively straight forward, delete `/` (File::SEPARATOR) and `\` (File::ALT_SEPARATOR, set on windows only) from the input before creating the file.
0 commit comments