GitHub Advisory DatabaseGHSA-7M2W-9GW7-C3XPopen-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing “openuri-” followed by a crafted UID, and putting Ruby code in said directory once a metafile is created.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| open-uri-cached | le | 1.0.0 |
References
seclists.org/oss-sec/2015/q2/373
www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
www.openwall.com/lists/oss-security/2015/05/06/2
github.com/advisories/GHSA-7m2w-9gw7-c3xp
github.com/rubysec/ruby-advisory-db/blob/master/gems/open-uri-cached/CVE-2015-3649.yml
github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb
github.com/tigris/open-uri-cached/issues/8
nvd.nist.gov/vuln/detail/CVE-2015-3649
web.archive.org/web/20210119122105/www.securityfocus.com/bid/74469
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%