Ruby up to 2.2.9/2.3.6/2.4.3/2.5.0 RubyGems package.rb install_location directory traversal

A vulnerability classified as critical has been found in Ruby up to 2.2.9/2.3.6/2.4.3/2.5.0 (Programming Language Software). The issue affects the function install_location in the file package.rb of the RubyGems component. Upgrading eliminates this vulnerability. A possible mitigation was published 2 months after the disclosure of the vulnerability.