2 matches found
CVE-2014-4994
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames...
CVE-2014-4994
CVE-2014-4994 affects the gyazo Ruby gem (v1.0.0). The issue is in lib/gyazo/client.rb, where a symlink attack on a time-based temporary file allows local users to write to arbitrary files. The impact stated in connected sources is local access with partial integrity impact and no confidentiality...