MidnightBSD

Advisories for ryan_davis

CVE-2013-0162 LOW

The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264

Products Affected

Vendor Product Version
ryan_davis ruby_parser 3.0.0.a6
ryan_davis ruby_parser 2.0.0
ryan_davis ruby_parser 2.0.3
ryan_davis ruby_parser 3.0.0.a9
ryan_davis ruby_parser 3.0.0.a10
ryan_davis ruby_parser 2.0.5
ryan_davis ruby_parser 3.0.0.a4
ryan_davis ruby_parser 3.0.0.a7
ryan_davis ruby_parser 2.0.2
ryan_davis ruby_parser 1.0.0
ryan_davis ruby_parser 2.2.0
ryan_davis ruby_parser 3.0.0.a8
ryan_davis ruby_parser 2.0.6
ryan_davis ruby_parser 2.3.1
ryan_davis ruby_parser 3.0.0.a2
ryan_davis ruby_parser 3.0.2
ryan_davis ruby_parser 3.0.3
ryan_davis ruby_parser 2.0.1
ryan_davis ruby_parser *
ryan_davis ruby_parser 3.0.0.a1
ryan_davis ruby_parser 3.0.4
ryan_davis ruby_parser 3.0.0
ryan_davis ruby_parser 3.0.0.a3
ryan_davis ruby_parser 3.0.1
ryan_davis ruby_parser 3.0.0.a5
ryan_davis ruby_parser 3.1.0
ryan_davis ruby_parser 2.0.4
ryan_davis ruby_parser 2.1.0
ryan_davis ruby_parser 2.3.0