The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
References
Link | Resource |
---|---|
http://secunia.com/advisories/58273 | URL Repurposed |
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600 | Exploit Patch |
http://secunia.com/advisories/58273 | URL Repurposed |
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600 | Exploit Patch |
Configurations
History
21 Nov 2024, 02:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/58273 - URL Repurposed | |
References | () https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600 - Exploit, Patch |
06 Jun 2023, 14:02
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/58273 - URL Repurposed | |
CPE | cpe:2.3:a:github:hub:*:*:*:*:*:*:*:* | |
First Time |
Github
Github hub |
Information
Published : 2014-05-27 14:55
Updated : 2024-11-21 02:01
NVD link : CVE-2014-0177
Mitre link : CVE-2014-0177
CVE.ORG link : CVE-2014-0177
JSON object : View
Products Affected
github
- hub
CWE
CWE-310
Cryptographic Issues