Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby 权限许可和访问控制问题漏洞
Vulnerability Description
Ruby是松本行弘个人开发者的一种跨平台、面向对象的动态类型编程语言。 Ruby 3.1.1版本和较早版本存在权限许可和访问控制问题漏洞。通过对/tmp目录下带有可预测名字的临时文件进行符号链接攻击,本地攻击者利用该漏洞重写任意文件。
CVSS Information
N/A
Vulnerability Type
N/A