CVE-2015-3649
HIGHopen-uri-cached RubyGem - Local Cache Directory Ruby Code Execution
Title source: manualDescription
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39
Third Party Advisory x_refsource_misc
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115
Third Party Advisory x_refsource_misc
https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/06/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74469
Third Party Advisory x_refsource_misc
http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
19.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
open-uri-cached_project/open-uri-cached
0.0.5
rubygems/open-uri-cached
0RubyGems
Published
Aug 18, 2017
Tracked Since
Feb 18, 2026