CVSS v3.x: 2.5 (Low)
- != 0.2.0
- >= 0.3.0
of the octopoller gem was published containing world-writeable files. Specifically,
the gem was packed with files having their permissions set to
0666) instead of
rw-r--r-- (i.e. 0644).
This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem.
Malicious code already present and running on your machine, separate from this package, could modify the gem’s files and change its behavior during runtime.
- octopoller v0.3.0
Users can use the previous version of the gem v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.