Miggo Logo
Miggo Vulnerability Database
CVE-2021-28966

CVE-2021-28966:
Tempfile on Windows path traversal vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-28966
GHSA ID
GHSA-46f2-3v63-3xrp
EPSS Score
0.54884%
CWE
CWE-22
Published
5/6/2021
Updated
1/27/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
tmpdirrubygems< 0.1.20.1.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from tmpdir's handling of directory creation in Windows. The key evidence is:

  1. The advisory explicitly mentions Dir.mktmpdir as the vulnerable entry point
  2. The patch modifies UNUSABLE_CHARS to be more restrictive, indicating the original character whitelist was insufficient
  3. The test case changes show explicit testing for path traversal via both File::SEPARATOR and File::ALT_SEPARATOR
  4. The CWE-22 classification confirms this is a path limitation issue in directory/file creation functions
  5. The vulnerability manifests when user-supplied input flows into the prefix parameter of Dir.mktmpdir without proper sanitization

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T**r* is *n unint*ntion*l *ir**tory *r**tion vuln*r**ility in `tmp*ir` li*r*ry *un*l** wit* Ru*y on Win*ows. *n* t**r* is *lso *n unint*ntion*l *il* *r**tion vuln*r**ility in t*mp*il* li*r*ry *un*l** wit* Ru*y on Win*ows, ****us* it us*s tmp*ir int*r

Reasoning

T** vuln*r**ility st*ms *rom tmp*ir's **n*lin* o* *ir**tory *r**tion in Win*ows. T** k*y *vi**n** is: *. T** **visory *xpli*itly m*ntions *ir.mktmp*ir *s t** vuln*r**l* *ntry point *. T** p*t** mo*i*i*s UNUS**L*_***RS to ** mor* r*stri*tiv*, in*i**ti