CVE-2019-17383
CRITICAL
netaddr < 1.5.3 and 2.0.0-2.0.3 - Incorrect Default Permissions
Title source: llm
Description
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51
Product x_refsource_misc
https://rubygems.org/gems/netaddr/versions
Scores
CVSS v3: 9.8
EPSS: 0.0027
EPSS Percentile: 49.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-276
Status: published
Products (2)
netaddr_project/netaddr: 1.5.0 - 1.5.3
rubygems/netaddr: 2.0.0 - 2.0.4 (RubyGems)
Published: Oct 09, 2019
Tracked Since: Feb 18, 2026