CVE-2013-0162

ruby_parser < 3.1.1 - Arbitrary File Write via Symlink Attack on Temporary File


Description

The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

References (3)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0548.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0544.html

Scores

EPSS 0.0015
EPSS Percentile 34.9%

Details

CWE
CWE-264
Status published
Products (30)
rubygems/ruby_parser 2.0.2 - 3.1.2 (RubyGems)
ryan_davis/ruby_parser 1.0.0
ryan_davis/ruby_parser 2.0.0
ryan_davis/ruby_parser 2.0.1
ryan_davis/ruby_parser 2.0.2
ryan_davis/ruby_parser 2.0.3
ryan_davis/ruby_parser 2.0.4
ryan_davis/ruby_parser 2.0.5
ryan_davis/ruby_parser 2.0.6
ryan_davis/ruby_parser 2.1.0
... and 20 more
Published Mar 01, 2013
Tracked Since Feb 18, 2026