CVE-2014-0177 (hub): Hub Package Arbitrary File Overwrite

Hub Package Arbitrary File Overwrite

Published: February 15, 2022

SECURITY IDENTIFIERS

CVE: CVE-2014-0177 (NVD)
GHSA: GHSA-x5m6-jh4r-34mv
Vendor Advisory: https://github.com/mislav/hub/releases/tag/v1.12.1

GEM

hub

SEVERITY

CVSS v3.x: 4.4 (Medium)

CVSS v2.0: 3.6 (Low)

PATCHED VERSIONS

>= 1.12.1

DESCRIPTION

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

https://nvd.nist.gov/vuln/detail/CVE-2014-0177
https://github.com/mislav/hub/releases/tag/v1.12.1
https://www.suse.com/zh-cn/security/cve/CVE-2014-0177.html
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
https://github.com/advisories/GHSA-x5m6-jh4r-34mv

RubySec