Vulnerability in N/a
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
EPSS: 0.580 (99.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- hackerone.com/reports/1131465 (x_refsource_MISC)
- security.netapp.com/advisory/ntap-20210902-0004/ (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2021-28966?
- CVE-2021-28966 is a vulnerability in N/a. Published 2021-07-27.
- Is CVE-2021-28966 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.