The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T14:18:09.378Z
Reserved: 2012-12-06T00:00:00Z
Link: CVE-2013-0162

No data.

Status : Deferred
Published: 2013-03-01T05:40:16.987
Modified: 2025-04-11T00:51:21.963
Link: CVE-2013-0162


No data.