ADVISORIES
- CVE-2015-7314 (NVD)
- GHSA-m2q3-53fq-7h66
- OSVDB-127779
- Vendor Advisory
GEM
PATCHED VERSIONS
- >= 4.0.1
DESCRIPTION
The gollum gem contains a flaw in its file upload functionality that can allow arbitrary file access. The flaw is caused by a lack of type checking when handling temporary files during the upload process.
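The following is an added example, not gollum's code or its patch, of the kind of type check the description says was missing: an upload handler that accepts a file part only when its temporary file is a server-created `Tempfile` object. It assumes the Rack-style multipart shape (a Hash with `:filename` and `:tempfile`); `InvalidUpload`, `checked_upload` and `store_upload` are hypothetical names.

```ruby
require "tempfile"
require "tmpdir"

# Hypothetical error class for this example.
class InvalidUpload < StandardError; end

# Returns the server-created Tempfile of an upload, or raises InvalidUpload.
# Assumption: a file part arrives as a Hash with :filename and :tempfile,
# the shape Rack's multipart parser builds.
def checked_upload(param)
  raise InvalidUpload, "not a multipart file part" unless param.is_a?(Hash)

  tempfile = param[:tempfile]
  filename = param[:filename]
  # The type check: values from ordinary form fields are Strings, Arrays or
  # Hashes, never a Tempfile object created by the server.
  unless tempfile.is_a?(Tempfile)
    raise InvalidUpload, "tempfile is #{tempfile.class}, expected Tempfile"
  end
  unless filename.is_a?(String) && !filename.empty?
    raise InvalidUpload, "filename must be a non-empty String"
  end
  tempfile
end

# Copies a validated upload into upload_dir, keeping only the base name of
# the client-supplied filename.
def store_upload(param, upload_dir)
  tempfile = checked_upload(param)
  target = File.join(upload_dir, File.basename(param[:filename]))
  tempfile.rewind
  File.binwrite(target, tempfile.read)
  target
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # Constructed sample input: a real Tempfile, as a multipart parser yields.
    file = Tempfile.new("upload")
    file.write("attachment body")
    puts store_upload({ filename: "notes.txt", tempfile: file }, dir)
    # Constructed sample input: the same field carrying a String instead.
    begin
      store_upload({ filename: "notes.txt", tempfile: "/constructed/path" }, dir)
    rescue InvalidUpload => e
      puts "rejected: #{e.message}"
    end
  end
end
```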