The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.
References
Link | Resource |
---|---|
https://github.com/zenspider/ruby_parser-legacy/issues/1 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-24T13:59:19
Updated: 2019-10-24T13:59:19
Reserved: 2019-10-24T00:00:00
Link: CVE-2019-18409
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-24T14:15:11.583
Modified: 2019-10-30T16:55:48.497
Link: CVE-2019-18409
JSON object: View
Redhat Information
No data.
CWE