---
gem: gollum
cve: 2015-7314
osvdb: 127779
url: https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
title: gollum Upload File Functionality Permits Arbitrary File Access
date: 2015-09-20
description: |
  The gollum gem contains a flaw in its upload file functionality that can
  allow arbitrary file access. This occurs due to a lack of type checking
  when handling temporary files during the upload process.
patched_versions:
  - ">= 4.0.1"