RubySec

Providing security resources for the Ruby community

CVE-2015-3649 (open-uri-cached): open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation

GEM

open-uri-cached

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

None.

DESCRIPTION

The open-uri-cached gem for Ruby creates temporary files in a predictable, unsafe manner when using YAML. This may allow a local attacker to gain elevated privileges.
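
With no patched version listed, code that keeps a YAML-backed cache on disk has to avoid predictable, shared temporary paths itself. The following is an added example, not code from open-uri-cached or from this advisory: it creates a private cache directory, refuses one that another user could have planted or can write to, and reads cached YAML with `YAML.safe_load`. The names `private_cache_dir`, `meta_path`, `write_meta`, `read_meta`, `UnsafeCacheDir` and the `uri-cache` directory name are assumptions made for illustration.

```ruby
require "digest"
require "tmpdir"
require "yaml"

# All names below are hypothetical; this is not the gem's API.
class UnsafeCacheDir < StandardError; end

# Return a cache directory under `root` that only the current user controls.
def private_cache_dir(root, name = "uri-cache")
  path = File.join(root, name)
  begin
    Dir.mkdir(path, 0o700) # atomic create; raises if the path already exists
  rescue Errno::EEXIST
    # Pre-existing path: it may have been planted, so verify it below.
  end
  st = File.lstat(path) # lstat does not follow a symlink left at the path
  raise UnsafeCacheDir, "#{path} is not a directory" unless st.directory?
  raise UnsafeCacheDir, "#{path} has another owner" unless st.uid == Process.euid
  raise UnsafeCacheDir, "#{path} is group/world accessible" unless (st.mode & 0o077).zero?
  path
end

# File name derived from a digest, so the key cannot steer the path.
def meta_path(dir, key)
  File.join(dir, "#{Digest::SHA256.hexdigest(key)}.meta")
end

def write_meta(dir, key, meta)
  flags = File::WRONLY | File::CREAT | File::TRUNC | File::NOFOLLOW
  File.open(meta_path(dir, key), flags, 0o600) { |f| f.write(YAML.dump(meta)) }
end

def read_meta(dir, key)
  File.open(meta_path(dir, key), File::RDONLY | File::NOFOLLOW) do |f|
    YAML.safe_load(f.read) # plain data only, no arbitrary object deserialization
  end
end
```

A raised `UnsafeCacheDir` means the existing directory must not be read from or written to; the caller should fall back to a fresh directory from `Dir.mktmpdir` or skip caching.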