Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh

ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

Permalink: https://github.com/advisories/GHSA-x2h8-qmj4-g62f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 2 months ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-x2h8-qmj4-g62f, CVE-2024-28862
References: Repository: https://github.com/mdp/rotp
Blast Radius: 18.5

Affected Packages

rubygems:rotp
Dependent packages: 64
Dependent repositories: 3,073
Downloads: 74,646,112 total
Affected Version Ranges: >= 6.2.1, < 6.3.0
Fixed in: 6.3.0
All affected versions: 6.2.1, 6.2.2
All unaffected versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.5.0, 1.6.0, 1.6.1, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 4.0.0, 4.0.2, 4.1.0, 5.0.0, 5.1.0, 6.0.0, 6.1.0, 6.2.0, 6.3.0