发布时间: 2021年11月5日
修改时间: 2024年10月31日
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 7.8 | 7.0 |
| Attack Complexity | Low | High |
| Privileges Required | None | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | Required | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2021-1418 | rubygem-bundler security update | 2021年11月5日 |
| 产品 | 包 | 状态 |
|---|
