GHSA-x5m6-jh4r-34mv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x5m6-jh4r-34mv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-x5m6-jh4r-34mv/GHSA-x5m6-jh4r-34mv.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-x5m6-jh4r-34mv
- Aliases
-
- CVE-2014-0177
- Published
- 2022-02-15T01:07:53Z
- Modified
- 2023-11-08T05:24:30.893789Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- Hub Package Arbitrary File Overwrite
- Details
-
The
amfunction inlib/hub/commands.rbin hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. - Database specific
{ "cwe_ids": [ "CWE-377" ], "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2021-05-20T20:32:04Z", "nvd_published_at": "2014-05-27T14:55:10Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0177
- https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
- https://github.com/mislav/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
- https://github.com/mislav/hub
- https://github.com/mislav/hub/releases/tag/v1.12.1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hub/CVE-2014-0177.yml
Affected packages
Go / github.com/github/hub
Package
- Name
- github.com/github/hub
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/github/hub
RubyGems / hub
Package
- Name
- hub
- Purl
- pkg:gem/hub
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.12.1