Lucene search
MitreCVE-2007-0469HistoryJan 24, 2007 - 1:28 a.m.
CVE-2007-0469
2007-01-2401:28:00
mitre
web.nvd.nist.gov
34
cve-2007-0469
rubygems
installer.rb
file overwrite
denial of service
arbitrary code execution
security vulnerability
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.02
Percentile
88.9%
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
Affected configurations
Node
rubyforgerubygemsRange≤0.9.0
ORrubyforgerubygemsMatch0.8.11
References
Related
nessus
nessus
openSUSE 10 Security Update : rubygems (rubygems-2644)
2007-10-17 00:00:00
RHEL 6 : rubygems (Unpatched Vulnerability)
2024-06-03 00:00:00
osv
osv
RubyGems file overwrite vulnerability
2022-05-01 17:44:34
ubuntucve
ubuntucve
CVE-2007-0469
2007-01-24 00:00:00
cvelist
cvelist
CVE-2007-0469
2007-01-24 01:00:00
rubygems
rubygems
prion
prion
Code injection
2007-01-24 01:28:00
nvd
nvd
CVE-2007-0469
2007-01-24 01:28:00
github
github
RubyGems file overwrite vulnerability
2022-05-01 17:44:34
securityvulns
securityvulns
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.02
Percentile
88.9%
Related for CVE-2007-0469