open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation
Published: May 05, 2015
SECURITY IDENTIFIERS
- CVE: CVE-2015-3649 (NVD)
- GHSA: GHSA-7m2w-9gw7-c3xp
- OSVDB: OSVDB-121701
- Vendor Advisory: http://seclists.org/oss-sec/2015/q2/373
GEM
SEVERITY
CVSS v3.x: 7.8 (High)
PATCHED VERSIONS
None available.
DESCRIPTION
open-uri-cached Gem for Ruby contains a flaw that is due to the program creating temporary files in a predictable, unsafe manner when using YAML. This may allow a local attacker to gain elevated privileges.