Bundler is vulnerable to arbitrary code execution. When the user running Bundler has no writable home directory, tmp_home_path falls back to a temporary directory with a predictable name under tmp/ and creates it world-writable. Because the path is predictable and the permissions are open, any other user who can write to the shared temporary directory (in practice a local attacker on the same host) can create that directory ahead of time and place malicious libraries in it, which Bundler then loads and executes with the privileges of the victim.
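The following Ruby is an added example, not Bundler's own source: it reconstructs the unsafe pattern the advisory describes (a fixed path under the system temp directory, created with mode 0777), shows how a local attacker who pre-creates that path gets their file picked up, and contrasts it with a hardened fallback plus the ownership/permission check a practitioner would run before trusting such a directory. The function names (`unsafe_tmp_home`, `safe_tmp_home`, `trustworthy_dir?`, `plant_then_resolve`) and the `bundler/home` layout are illustrative assumptions; the demo runs as a single uid, so the "attacker" is simulated.

```ruby
require "fileutils"
require "pathname"
require "tmpdir"

# Vulnerable pattern, reconstructed from the advisory text (NOT Bundler's actual
# code): a predictable path under the system temp dir, made world-writable so
# that any local user can pre-create it or plant files inside it.
def unsafe_tmp_home(base = Dir.tmpdir, login = ENV["USER"] || Process.uid.to_s)
  path = Pathname.new(base).join("bundler", "home")
  unless path.exist?
    path.mkpath
    path.chmod(0o777)   # world-writable: anyone on the host can write here
  end
  path.join(login)      # no check that the directory is ours or safe
end

# Simulated attack precondition: a local attacker (same uid here, for the demo)
# pre-creates the predictable path and drops a "library" into it before the
# victim ever runs the tool. The victim then resolves the very same path.
def plant_then_resolve(base, login)
  planted = Pathname.new(base).join("bundler", "home", login, "lib", "evil.rb")
  planted.dirname.mkpath
  planted.write("# attacker-controlled code would be loaded from here\n")
  victim_home = unsafe_tmp_home(base, login)
  victim_home.join("lib", "evil.rb").exist?   # true: attacker's file is in place
end

# Hardened fallback (added example): an unpredictable, per-process directory
# created mode 0700 by Dir.mktmpdir, so another user can neither guess it in
# advance nor write into it.
def safe_tmp_home(base = Dir.tmpdir)
  Pathname.new(Dir.mktmpdir("bundler-home-", base))
end

# The check to run before trusting any directory as a place to load code from:
# it must be a real directory (not a symlink planted by someone else), owned by
# the current effective user, and not writable by group or others. The sticky
# bit is deliberately not accepted as a mitigation, because it does not stop an
# attacker from creating the subdirectory first.
def trustworthy_dir?(path)
  st = File.lstat(path.to_s)
  return false unless st.directory?
  return false unless st.uid == Process.euid
  (st.mode & 0o022).zero?
rescue Errno::ENOENT
  false
end

if __FILE__ == $PROGRAM_NAME
  sandbox = Dir.mktmpdir("advisory-demo-")
  begin
    puts "unsafe home: #{unsafe_tmp_home(sandbox, 'alice')}"
    puts "attacker file visible to victim? #{plant_then_resolve(sandbox, 'bob')}"
    puts "unsafe dir trustworthy? #{trustworthy_dir?(File.join(sandbox, 'bundler', 'home'))}"
    safe = safe_tmp_home(sandbox)
    puts "safe home: #{safe} trustworthy? #{trustworthy_dir?(safe)}"
  ensure
    FileUtils.rm_rf(sandbox)
  end
end
```

Running it inside a throwaway sandbox shows the two halves of the problem: the predictable path is resolved without any ownership check, so a pre-planted file is accepted, while the `Dir.mktmpdir` fallback passes `trustworthy_dir?` because it is private to the creating user from the moment it exists.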
CPE Name | Operator | Version
---|---|---
bundler | le | 2.1.0.pre.2
rh-ruby26-ruby | eq | 2.6.2__118.el7