The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite…
redhat·CWE-264·Published 2013-03-01
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
The `diff_pp` function in `lib/gauntlet_rubyparser.rb` in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in `/tmp`.
The `diff_pp` function in `lib/gauntlet_rubyparser.rb` in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in `/tmp`.
La función diff_pp en lib/gauntlet_rubyparser.rb en ruby_parser gem v3.1.1 y anteriores para Ruby, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo temporal con un nombre predecible en /tmp.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:N/I:P/A:N |