The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
References
Link | Resource |
---|---|
http://secunia.com/advisories/58273 | URL Repurposed |
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600 | Exploit Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-27T15:00:00
Updated: 2014-05-27T14:57:00
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0177
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-27T14:55:10.540
Modified: 2023-06-06T14:02:25.683
Link: CVE-2014-0177
JSON object: View
Redhat Information
No data.
CWE