ADVISORIES

• CVE-2014-0177 (NVD)
• GHSA-x5m6-jh4r-34mv
• Vendor Advisory

GEM

hub

SEVERITY

CVSS v3.x: 4.4 (Medium)

CVSS v2.0: 3.6 (Low)

PATCHED VERSIONS

• >= 1.12.1

DESCRIPTION

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2014-0177
• https://github.com/mislav/hub/releases/tag/v1.12.1
• https://www.suse.com/zh-cn/security/cve/CVE-2014-0177.html
• https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
• https://github.com/advisories/GHSA-x5m6-jh4r-34mv