ADVISORIES
- CVE-2014-5003 (NVD)
- OSVDB-108586
GEM
PATCHED VERSIONS
None.
DESCRIPTION
ciborg Gem for Ruby contains a flaw as default.rb creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/perlbrew-installer file to cause the program to unexpectedly overwrite an arbitrary file.