View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-6914 severity low: SUSE including 301 source package names (2.17-17.3:libruby2_5-2_5-2.5.5-4.3.1, 2.17-17.3:ruby2.5-2.5.5-4.3.1, …), 1008 product×package rows across 251 product lines (Container bci/ruby, Container suse/rmt-server, … (251 product lines)): Fixed 842, Known Affected 157, Known Not Affected 9.
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.