Lucene search
GoogleOSV:GHSA-X5M6-JH4R-34MVHistoryFeb 15, 2022 - 1:07 a.m.
Hub Package Arbitrary File Overwrite
2022-02-1501:07:53
Google
osv.dev
8
arbitrary file overwrite
symlink attack
temporary patch file
local users
security vulnerability
software package
EPSS
0
Percentile
5.1%
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
References
github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
github.com/mislav/hub
github.com/mislav/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
github.com/mislav/hub/releases/tag/v1.12.1
github.com/rubysec/ruby-advisory-db/blob/master/gems/hub/CVE-2014-0177.yml
nvd.nist.gov/vuln/detail/CVE-2014-0177
Related
rubygems
rubygems
Hub Package Arbitrary File Overwrite
2022-02-14 21:00:00
cvelist
cvelist
CVE-2014-0177
2014-05-27 15:00:00
github
github
Hub Package Arbitrary File Overwrite
2022-02-15 01:07:53
prion
prion
Design/Logic Flaw
2014-05-27 14:55:00
ubuntucve
ubuntucve
CVE-2014-0177
2014-05-27 00:00:00
nvd
nvd
CVE-2014-0177
2014-05-27 14:55:10
cve
cve
CVE-2014-0177
2014-05-27 15:00:00