Описание
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gyazo_project:gyazo:1.0.0:*:*:*:*:ruby:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 5.5
github
около 8 лет назад
Gyazo allows local users to write arbitrary files
EPSS
Процентиль: 16%
0.00052
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-20