Description
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
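The directory checks a defender would apply to such a fallback location, as an added Ruby example (not Bundler's code and not the fix shipped in 2.1.0). The helper names `storage_dir_problems` and `private_fallback_dir` are hypothetical, and the demo directories are constructed in a throwaway sandbox.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper: list the reasons +path+ must not be trusted as a gem
# storage location. An empty list means every check passed.
def storage_dir_problems(path, uid = Process.euid)
  st = begin
    File.lstat(path) # lstat, so a planted symlink is seen as a symlink
  rescue Errno::ENOENT
    return ["missing"]
  end
  problems = []
  problems << "symlink" if st.symlink?
  problems << "not a directory" unless st.directory? || st.symlink?
  problems << "owned by uid #{st.uid}, expected #{uid}" unless st.uid == uid
  if st.mode & 0o022 != 0
    problems << format("group/world writable (mode %04o)", st.mode & 0o7777)
  end
  problems
end

# Hypothetical fallback for a user without a writable home: a fresh directory
# with an unpredictable name and mode 0700, rather than a fixed name in /tmp.
def private_fallback_dir(prefix = "gems-")
  Dir.mktmpdir(prefix)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: one directory with permissive mode, one private.
  sandbox = Dir.mktmpdir("demo-")
  shared = File.join(sandbox, "shared-fallback")
  Dir.mkdir(shared)
  File.chmod(0o777, shared) # the insecure-permissions condition
  fresh = private_fallback_dir
  puts "#{shared}: #{storage_dir_problems(shared).inspect}"
  puts "#{fresh}: #{storage_dir_problems(fresh).inspect}"
  FileUtils.remove_entry(sandbox)
  FileUtils.remove_entry(fresh)
end
```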
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | DNE | |
| disco | not-affected | 1.16.1-2 |
| eoan | not-affected | 1.16.1-2 |
| esm-apps/bionic | released | 1.16.1-1ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 1.16.1-2 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 1.16.1-2 |
| groovy | not-affected | 1.16.1-2 |
CVSS2: 4.4 Medium
CVSS3: 7.8 High