RubySec

Providing security resources for the Ruby community

CVE-2019-17383 (netaddr): netaddr world-writeable file permissions

ADVISORIES

GEM

netaddr

SEVERITY

CVSS v3: 9.8

PATCHED VERSIONS

  • >= 2.0.4

DESCRIPTION

The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.