RubySec

Providing security resources for the Ruby community

CVE-2019-17383 (netaddr): netaddr world-writeable file permissions

ADVISORIES

GEM

netaddr

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

  • ~> 1.5.3
  • >= 2.0.4

DESCRIPTION

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories