RubySec

Providing security resources for the Ruby community

CVE-2013-0162 (ruby_parser): RubyGems ruby_parser (RP) Temporary File Symlink Arbitrary File Overwrite

GEM

ruby_parser

SEVERITY

CVSS v2: 2.1

PATCHED VERSIONS

  • >= 3.1.2

DESCRIPTION

RubyGems ruby_parser (RP) contains a flaw: rubygem-ruby_parser creates temporary files insecurely. A local attacker can use a symlink attack to cause the program to unexpectedly overwrite an arbitrary file.
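
The following added example illustrates the bug class described above and two safer ways to create the file; it is not ruby_parser's code or the project's patch. The file name `rp_scratch.txt`, the helper names and the sandbox layout are assumptions constructed for the demonstration.

```ruby
require "tmpdir"
require "tempfile"

SCRATCH = "rp_scratch.txt" # hypothetical fixed name, not taken from ruby_parser

# Unsafe: File.write opens with O_CREAT|O_TRUNC and follows a symlink
# that already exists at the path.
def write_predictable(dir, data)
  File.write(File.join(dir, SCRATCH), data)
end

# Safer: O_EXCL fails with EEXIST if anything, even a symlink, is at the path.
def write_exclusive(dir, data)
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(File.join(dir, SCRATCH), flags, 0o600) { |f| f.write(data) }
  true
rescue Errno::EEXIST
  false
end

# Preferred: Tempfile.create picks a random name and opens it O_EXCL, mode 0600.
def write_tempfile(dir, data)
  Tempfile.create("rp", dir) { |f| f.write(data); f.flush; File.basename(f.path) }
end

# Constructed sandbox: a "shared" temp dir holding a pre-placed symlink that
# points at a file the program's user can write.
def symlink_demo
  Dir.mktmpdir do |sandbox|
    target = File.join(sandbox, "important.txt")
    shared = File.join(sandbox, "shared_tmp")
    File.write(target, "original")
    Dir.mkdir(shared)
    File.symlink(target, File.join(shared, SCRATCH))

    result = { exclusive_created: write_exclusive(shared, "scratch") }
    result[:after_exclusive] = File.read(target)
    result[:tempfile_name] = write_tempfile(shared, "scratch")
    result[:after_tempfile] = File.read(target)
    write_predictable(shared, "scratch")
    result[:after_predictable] = File.read(target)
    result
  end
end

p symlink_demo if $PROGRAM_NAME == __FILE__
```

Only the predictable-name write changes the linked file; the exclusive open refuses the existing path and `Tempfile.create` never touches it.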