CVE-2017-8418: Insecure use of /tmp

May 2, 2017 (updated October 3, 2019)

RuboCop does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

References

github.com/bbatsov/rubocop/commit/dcb258fabd5f2624c1ea0e1634763094590c09d7
github.com/bbatsov/rubocop/issues/4336
nvd.nist.gov/vuln/detail/CVE-2017-8418

Code Behaviors & Features

Detect and mitigate CVE-2017-8418 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →