CVE-2019-3881
CVE-2019-3881
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 set 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Produtos afetados
n/a · rubygem-bundlerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →