Sha256: ccc987670d059f22f4fa806293a9b2e828f401fbc81aa9322f3e27c6642ca4ad

Contents?: true

Size: 474 Bytes

Versions: 6

Compression:

Stored size: 474 Bytes

Contents

---
gem: gollum
cve: 2015-7314
osvdb: 127779
url: https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
title: gollum Upload File Functionality Permits Arbitrary File Access
date: 2015-09-20
description: |
  The gollum gem contains a flaw in its upload file functionality that can
  allow arbitrary file access. This occurs due to a lack of type checking
  when handling temporary files during the upload process.
patched_versions:
  - ">= 4.0.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/gollum/CVE-2015-7314.yml