Description
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
References (2)
Core 2
Core References
URL Repurposed third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58273
Exploit, Patch x_refsource_confirm
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
Scores
EPSS
0.0014
EPSS Percentile
33.1%
Details
CWE
CWE-310
Status
published
Products (3)
github/hub
< 1.12.0
github/hub
0 - 1.12.1 (Go)
rubygems/hub
0 - 1.12.1 (RubyGems)
Published
May 27, 2014
Tracked Since
Feb 18, 2026