CVE-2013-0162
01.03.2013, 05:40
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
| Vendor | Product | Version |
|---|---|---|
| ryan_davis | ruby_parser | 𝑥 ≤ 3.1.1 |
| ryan_davis | ruby_parser | 1.0.0 |
| ryan_davis | ruby_parser | 2.0.0 |
| ryan_davis | ruby_parser | 2.0.1 |
| ryan_davis | ruby_parser | 2.0.2 |
| ryan_davis | ruby_parser | 2.0.3 |
| ryan_davis | ruby_parser | 2.0.4 |
| ryan_davis | ruby_parser | 2.0.5 |
| ryan_davis | ruby_parser | 2.0.6 |
| ryan_davis | ruby_parser | 2.1.0 |
| ryan_davis | ruby_parser | 2.2.0 |
| ryan_davis | ruby_parser | 2.3.0 |
| ryan_davis | ruby_parser | 2.3.1 |
| ryan_davis | ruby_parser | 3.0.0 |
| ryan_davis | ruby_parser | 3.0.0.a1:a1 |
| ryan_davis | ruby_parser | 3.0.0.a2:a2 |
| ryan_davis | ruby_parser | 3.0.0.a3:a3 |
| ryan_davis | ruby_parser | 3.0.0.a4:a4 |
| ryan_davis | ruby_parser | 3.0.0.a5:a5 |
| ryan_davis | ruby_parser | 3.0.0.a6:a6 |
| ryan_davis | ruby_parser | 3.0.0.a7:a7 |
| ryan_davis | ruby_parser | 3.0.0.a8:a8 |
| ryan_davis | ruby_parser | 3.0.0.a9:a9 |
| ryan_davis | ruby_parser | 3.0.0.a10:a10 |
| ryan_davis | ruby_parser | 3.0.1 |
| ryan_davis | ruby_parser | 3.0.2 |
| ryan_davis | ruby_parser | 3.0.3 |
| ryan_davis | ruby_parser | 3.0.4 |
| ryan_davis | ruby_parser | 3.1.0 |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| ruby-parser |