Sha256: 67da79885036f346c9fb6a38b28125514b1eae529534e811eb28094e82da0d2b
Contents?: true
Size: 739 Bytes
Versions: 1
Compression:
Stored size: 739 Bytes
Contents
```yaml
---
gem: brakeman
cve: 2019-18409
date: 2019-10-24
url: https://brakemanscanner.org/blog/2019/10/14/brakeman-4-dot-7-dot-1-released
title: brakeman world writable files allow local privilege escalation
description: |
  The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local
  privilege escalation because of world-writable files. For example, if
  the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is
  used, a local user can insert malicious code into the
  ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.
cvss_v2: 4.6
cvss_v3: 7.8
patched_versions:
  - ">= 4.7.1"
unaffected_versions:
  - "<= 4.4.0"
related:
  url:
    - https://github.com/zenspider/ruby_parser-legacy/issues/1
```
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/brakeman/CVE-2019-18409.yml |