Please sign in to comment.
Disallow path segments and directory traversal in `.ruby-version` files
A malicious `.ruby-version` file in the current directory could inject `../../../` into the version string and trigger execution of binaries outside of `RBENV_ROOT/versions/`. Fixes #977 OVE-20170303-0004
- Loading branch information
Showing with 19 additions and 1 deletion.