ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite
Published: June 30, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-5003 (NVD)
- GHSA: GHSA-g982-9r8g-6qxw
- OSVDB: OSVDB-108586
GEM
SEVERITY
CVSS v3.x: 5.5 (Medium)
PATCHED VERSIONS
None available.
DESCRIPTION
The ciborg Gem for Ruby contains a flaw: default.rb creates temporary files insecurely. A local attacker can use a symlink attack against the /tmp/perlbrew-installer file to make the program unexpectedly overwrite an arbitrary file.
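The following is an added example, not ciborg's code (the advisory does not show default.rb): it contrasts a write to a fixed, predictable path with an exclusive-create write and with a private temporary directory. The function names and the sandbox directory standing in for /tmp are assumptions made for the illustration.

```ruby
require "tmpdir"

# Hypothetical stand-in for the flawed pattern: a fixed, predictable path
# opened with "w" follows whatever symlink already sits at that path.
def insecure_write(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Hardened write: CREAT|EXCL fails if anything (file or symlink) already
# exists at the path; NOFOLLOW refuses a symlink as the final component.
def exclusive_write(path, data)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o600) { |f| f.write(data) }
  true
rescue Errno::EEXIST, Errno::ELOOP
  false
end

# Preferred form: work inside a randomly named directory created with mode
# 0700, so no other local user can place anything at the target path.
def private_dir_write(name, data)
  Dir.mktmpdir("installer-") do |dir|
    path = File.join(dir, name)
    exclusive_write(path, data) or raise "unexpected entry in private dir"
    yield path
  end
end

# Constructed scenario in a sandbox directory (assumed stand-in for /tmp).
def demo
  Dir.mktmpdir("symlink-demo-") do |sandbox|
    victim = File.join(sandbox, "victim.conf")
    fixed  = File.join(sandbox, "perlbrew-installer")
    File.write(victim, "original")
    File.symlink(victim, fixed) # link already present at the fixed path

    insecure_write(fixed, "installer bytes")
    clobbered = File.read(victim) != "original"

    File.write(victim, "original")
    refused = !exclusive_write(fixed, "installer bytes")
    { clobbered: clobbered, refused: refused,
      intact: File.read(victim) == "original" }
  end
end
```

Because no patched version is listed, the same check applies when auditing any provisioning code that downloads or writes to a fixed name under /tmp.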
