There is an XML round-trip vulnerability in REXML gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2021-28965. We strongly recommend upgrading the REXML gem.
Posted by mame on 5 Apr 2021
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally. This vulnerability has been assigned the CVE identifier CVE-2021-28966.
Posted by mame on 5 Apr 2021