ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Low severity · GitHub Reviewed
Published May 5, 2022 to the GitHub Advisory Database · Updated Aug 16, 2023
Published by the National Vulnerability Database: Mar 1, 2013
Published to the GitHub Advisory Database: May 5, 2022
Reviewed: Mar 8, 2023
Last updated: Aug 16, 2023

Description
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
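As an added illustration of the bug class this advisory describes (constructed code, not the ruby_parser gem's own diff_pp), the weak pattern of writing a scratch file under a fixed name in a shared temp directory sits beside the hardened forms that create the file exclusively with a random name and verify it afterwards. PREDICTABLE_NAME and the function names are assumptions.

```ruby
require "tempfile"
require "tmpdir"

# Constructed name standing in for a fixed, guessable scratch-file name.
PREDICTABLE_NAME = "ruby_parser_diff_pp.txt"

# Weak pattern (the bug class in the advisory): a fixed name in a shared
# temp dir, opened for writing. "w" follows a symlink that another local
# user planted there beforehand, so the write truncates the link's target.
def write_predictable(dir, content)
  path = File.join(dir, PREDICTABLE_NAME)
  File.write(path, content)
  path
end

# Hardened open for a caller-chosen path: O_CREAT|O_EXCL refuses to proceed
# if anything, file or symlink, already exists there; mode 0600 keeps the
# scratch file private. Raises Errno::EEXIST instead of writing through.
def write_exclusive(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(content)
  end
  path
end

# Preferred form: Tempfile.create picks a random name and uses the same
# O_EXCL + 0600 semantics, so a pre-planted name cannot collide with it.
def write_scratch(dir, content, prefix: "ruby_parser")
  f = Tempfile.create([prefix, ".txt"], dir)
  f.write(content)
  f.close
  f.path
end

# Post-creation check usable in code review or a test: lstat does not follow
# links, so a symlink fails file?; also require our own uid, a single hard
# link and no group/other permission bits.
def scratch_file_safe?(path)
  st = File.lstat(path)
  st.file? && st.uid == Process.euid && st.nlink == 1 && (st.mode & 0o077).zero?
rescue Errno::ENOENT
  false
end
```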