CVE-2019-3881
N/A
N/A
Summary
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | rubygem-bundler | bundler versions before 2.1.0 | affected |
Weaknesses
- CWE-427: CWE-427
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.