The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2013-03-01 05:40
Updated : 2024-02-28 12:00
NVD link : CVE-2013-0162
Mitre link : CVE-2013-0162
CVE.ORG link : CVE-2013-0162
JSON object : View
Products Affected
ryan_davis
- ruby_parser
CWE
CWE-264
Permissions, Privileges, and Access Controls