ADVISORIES
- CVE-2014-4996 (NVD)
- GHSA-x4vj-279x-qwf2
- OSVDB-108728
GEM
SEVERITY
CVSS v3.x: 5.5 (Medium)
PATCHED VERSIONS
None.
DESCRIPTION
VladTheEnterprising Gem for Ruby contains a flaw as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/my.cnf.#{target_host} file they can overwrite arbitrary files, gain access to the MySQL root password, or inject arbitrary commands.