Lucene search
K

4 matches found

OSV
OSV
added 2021/05/10 2:53 p.m.27 views

GHSA-G98M-96G9-WFJQ Insecure path handling in Bundler

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

7CVSS7.5AI score0.00529EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/05/10 2:53 p.m.64 views

Insecure path handling in Bundler

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

7.8CVSS7.5AI score0.00529EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2020/09/04 12:15 p.m.24 views

Code injection

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

4.4CVSS7.4AI score0.00529EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/30 12:0 a.m.5 views

PT-2019-5544 · Ruby +6 · Bundler +6

Name of the Vulnerable Software and Affected Versions: Bundler versions prior to 2.1.0 Description: The issue is related to the use of predictable paths in /tmp/ with insecure permissions as a storage location for gems when locations under the user's home directory are not available. If Bundler i...

8.1CVSS6.8AI score0.06811EPSS
Exploits2References90
Rows per page
Query Builder