Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtamYtanBqai05ZjNq
RuboCop gem Insecure use of /tmp
RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.
Permalink: https://github.com/advisories/GHSA-wmjf-jpjj-9f3jJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtamYtanBqai05ZjNq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 7 years ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-wmjf-jpjj-9f3j, CVE-2017-8418
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-8418
- https://github.com/bbatsov/rubocop/issues/4336
- http://www.openwall.com/lists/oss-security/2017/05/01/14
- https://github.com/rubocop/rubocop/commit/dcb258fabd5f2624c1ea0e1634763094590c09d7
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubocop/CVE-2017-8418.yml
- https://github.com/advisories/GHSA-wmjf-jpjj-9f3j
Blast Radius: 16.7
Affected Packages
rubygems:rubocop
Dependent packages: 12,291Dependent repositories: 115,529
Downloads: 475,282,835 total
Affected Version Ranges: < 0.49.0
Fixed in: 0.49.0
All affected versions: 0.0.0, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.14.1, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.19.0, 0.19.1, 0.20.0, 0.20.1, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.24.1, 0.25.0, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.30.1, 0.31.0, 0.32.0, 0.32.1, 0.33.0, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.35.1, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.41.0, 0.41.1, 0.41.2, 0.42.0, 0.43.0, 0.44.0, 0.44.1, 0.45.0, 0.46.0, 0.47.0, 0.47.1, 0.48.0, 0.48.1
All unaffected versions: 0.49.0, 0.49.1, 0.50.0, 0.51.0, 0.52.0, 0.52.1, 0.53.0, 0.54.0, 0.55.0, 0.56.0, 0.57.0, 0.57.1, 0.57.2, 0.58.0, 0.58.1, 0.58.2, 0.59.0, 0.59.1, 0.59.2, 0.60.0, 0.61.0, 0.61.1, 0.62.0, 0.63.0, 0.63.1, 0.64.0, 0.65.0, 0.66.0, 0.67.0, 0.67.1, 0.67.2, 0.68.0, 0.68.1, 0.69.0, 0.70.0, 0.71.0, 0.72.0, 0.73.0, 0.74.0, 0.75.0, 0.75.1, 0.76.0, 0.77.0, 0.78.0, 0.79.0, 0.80.0, 0.80.1, 0.81.0, 0.82.0, 0.83.0, 0.84.0, 0.85.0, 0.85.1, 0.86.0, 0.87.0, 0.87.1, 0.88.0, 0.89.0, 0.89.1, 0.90.0, 0.91.0, 0.91.1, 0.92.0, 0.93.0, 0.93.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.16.1, 1.17.0, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.19.0, 1.19.1, 1.20.0, 1.21.0, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.23.0, 1.24.0, 1.24.1, 1.25.0, 1.25.1, 1.26.0, 1.26.1, 1.27.0, 1.28.0, 1.28.1, 1.28.2, 1.29.0, 1.29.1, 1.30.0, 1.30.1, 1.31.0, 1.31.1, 1.31.2, 1.32.0, 1.33.0, 1.34.0, 1.34.1, 1.35.0, 1.35.1, 1.36.0, 1.37.0, 1.37.1, 1.38.0, 1.39.0, 1.40.0, 1.41.0, 1.41.1, 1.42.0, 1.43.0, 1.44.0, 1.44.1, 1.45.0, 1.45.1, 1.46.0, 1.47.0, 1.48.0, 1.48.1, 1.49.0, 1.50.0, 1.50.1, 1.50.2, 1.51.0, 1.52.0, 1.52.1, 1.53.0, 1.53.1, 1.54.0, 1.54.1, 1.54.2, 1.55.0, 1.55.1, 1.56.0, 1.56.1, 1.56.2, 1.56.3, 1.56.4, 1.57.0, 1.57.1, 1.57.2, 1.58.0, 1.59.0, 1.60.0, 1.60.1, 1.60.2, 1.61.0, 1.62.0, 1.62.1, 1.63.0, 1.63.1, 1.63.2, 1.63.3, 1.63.4, 1.63.5, 1.64.0, 1.64.1, 1.65.0, 1.65.1, 1.66.0, 1.66.1, 1.67.0, 1.68.0