CVE-2015-3649

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
open-uri-cached_projectopen-uri-cached
0.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
http://www.openwall.com/lists/oss-security/2015/05/06/2
http://www.securityfocus.com/bid/74469
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
http://www.openwall.com/lists/oss-security/2015/05/06/2
http://www.securityfocus.com/bid/74469
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39