netaddr world-writeable file permissions
Published: October 14, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2019-17383 (NVD)
- GHSA: GHSA-49pj-69vf-c689
- Vendor Advisory: https://github.com/dspinhirne/netaddr-rb/pull/20
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
~> 1.5.3
>= 2.0.4
DESCRIPTION
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.