Описание
Уязвимость менеджера управления пакетами gems проектов Ruby Bundler связана с использованием файлов и каталогов, доступных внешним сторонам. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Вендор
Наименование ПО
Версия ПО
Тип ПО
Операционные системы и аппаратные платформы
Уровень опасности уязвимости
Возможные меры по устранению уязвимости
Статус уязвимости
Наличие эксплойта
Информация об устранении
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
6.7 Medium
CVSS3
6.2 Medium
CVSS2
Связанные уязвимости
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with ...
EPSS
6.7 Medium
CVSS3
6.2 Medium
CVSS2