Zenspider

zenspider

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Ruby Parser Legacy

ruby_parser-legacy

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18409 1Zenspider 1Ruby Parser Legacy Nov 21, 2024 Oct 24, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a lo...Show more The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-18409

1Zenspider

1Ruby Parser Legacy

Nov 21, 2024

Oct 24, 2019

N/A· v4

7.8 HIGH· v3

4.6 MEDIUM· v2

The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.Show less