CVE-2019-3881
CVSS v3.1
7.8 (High)
CVSS v2.0
4.4 (Medium)
EPSS
0.06 % (28th)
Affected Products
1
Advisories
12
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Weaknesses
- CWE-427
- Uncontrolled Search Path Element
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2020-09-04 12:15:10
(4 years ago) - Updated Date
-
2022-11-08 19:50:01
(22 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...