CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage

2013-02-2020:00:00

RubySec

rubysec.com

JSON

The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser
gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via
a symlink attack on a temporary file with a predictable name in /tmp.

CPENameOperatorVersion
ruby_parserlt3.1.2

CPE	Name	Operator	Version
	ruby_parser	lt	3.1.2

References

nvd.nist.gov/vuln/detail/CVE-2013-0162

JSON

Related for RUBY:RUBY_PARSER-2013-0162-90561