Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2011-1004 - Vulnerability Database
Ruby

Ruby Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2011-1004

Medium
Reference: CVE-2011-1004
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-1004
Title: Ruby Improper Link Resolution Before File Access (Link Following) Vulnerability
Overview:

The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420 1.8.7 through 1.8.7-330 1.8.8dev 1.9.1 through 1.9.1-430 1.9.2 through 1.9.2-136 and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.