CVE-2015-3649: Unsafe Temporary File Creation Local Privilege Escalation

August 18, 2017 (updated August 23, 2017)

The gem open-uri-cached contains a flaw that is due to the program creating predictable temporary files and loading YAML without a safe loader. This may allow a local attacker to gain elevated privileges.

References

www.openwall.com/lists/oss-security/2015/05/05/14
www.openwall.com/lists/oss-security/2015/05/06/2
github.com/tigris/open-uri-cached/issues/8

Code Behaviors & Features

Detect and mitigate CVE-2015-3649 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →