CVE-2021-28966: 
Ruby vulnerability analysis and mitigation

CVE-2021-28966 affects Ruby through version 3.0 on Windows systems. The vulnerability was discovered and disclosed in March 2021, allowing remote attackers to submit crafted paths when a Web application handles parameters with TmpDir. This vulnerability specifically impacts Ruby installations on Windows operating systems (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impact to integrity while not affecting confidentiality or availability. The vulnerability is classified as CWE-22, which refers to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (NVD).

Successful exploitation of this vulnerability could lead to high integrity impact, potentially allowing attackers to modify data through path manipulation. The vulnerability specifically affects the way Ruby handles parameters with TmpDir on Windows systems (NetApp Advisory).

The vulnerability was fixed in Ruby version 2.7.3 and 3.0.1. Users running affected versions should upgrade to these patched versions or later to mitigate the vulnerability (NVD).