CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
Published: February 21, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-0162 (NVD)
- GHSA: GHSA-8mvw-22r7-w6fq
- OSVDB: OSVDB-90561
GEM
SEVERITY
CVSS v2.0: 2.1 (Low)
PATCHED VERSIONS
>= 3.1.2
DESCRIPTION
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.