RubySec

Providing security resources for the Ruby community

CVE-2014-0177 (hub): Hub Package Arbitrary File Overwrite


GEM

hub

SEVERITY

CVSS v3.x: 4.4 (Medium)

CVSS v2.0: 3.6 (Low)

PATCHED VERSIONS

  • >= 1.12.1

DESCRIPTION

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
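
The class of bug described above, shown as an added Ruby example that is not hub's own code: a fixed, guessable temporary file name opened for writing follows a symlink already present at that path, while an exclusive create or Tempfile does not. The file name example.patch and all helper names are constructed for illustration, and everything runs inside a throwaway directory.

```ruby
require "tmpdir"
require "tempfile"

# Vulnerable pattern: predictable name, and mode "w" follows an existing symlink.
def write_patch_unsafe(dir, data)
  path = File.join(dir, "example.patch") # constructed name, not taken from hub
  File.open(path, "w") { |f| f.write(data) }
  path
end

# Hardened: CREAT|EXCL fails with EEXIST if anything, symlink included,
# already exists at the path, so nothing is written through a link.
def write_patch_exclusive(dir, data)
  path = File.join(dir, "example.patch")
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(path, flags, 0o600) { |f| f.write(data) }
  path
end

# Preferred: Tempfile.create picks an unpredictable name and creates it exclusively.
def write_patch_tempfile(dir, data)
  tmp = Tempfile.create(["patch", ".patch"], dir)
  tmp.write(data)
  tmp.close
  tmp.path
end

# Runs all three writers against a pre-existing symlink in a scratch directory.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim.txt")
    File.write(victim, "original")
    File.symlink(victim, File.join(dir, "example.patch"))

    write_patch_unsafe(dir, "patch data")
    unsafe_victim = File.read(victim) # the link target was overwritten

    File.write(victim, "original")    # reset, the symlink is still in place
    refused = begin
      write_patch_exclusive(dir, "patch data")
      false
    rescue Errno::EEXIST
      true
    end

    safe_path = write_patch_tempfile(dir, "patch data")
    { unsafe_victim: unsafe_victim, refused: refused,
      victim_after: File.read(victim),
      tempfile_is_link: File.symlink?(safe_path),
      tempfile_content: File.read(safe_path) }
  end
end
```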
