RUBY:HUB-2014-0177 (RubySec, rubygems)
Feb 14, 2022 - 9:00 p.m.

Hub Package Arbitrary File Overwrite

RubySec (github.com)
Tags: hub, package, arbitrary file, overwrite, local users, symlink attack, temporary patch file, security issue

CVSS2: 3.6

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

The am function in lib/hub/commands.rb in hub before 1.12.1 allows
local users to overwrite arbitrary files via a symlink attack
on a temporary patch file.

Affected configurations

Node: ruby hub, Range 1.12.1

Vendor: ruby
Product: hub
Version: *
CPE: cpe:2.3:a:ruby:hub:*:*:*:*:*:*:*:*
