CVE-2013-0162: Incorrect temporary file usage

March 1, 2013

The ruby_parser Gem does not create temporary files securely. In the diff_pp function contained in lib/gauntlet_rubyparser.rb function, it creates files as /tmp/a.[pid] and /tmp/b.[pid] which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable.

References

bugzilla.redhat.com/show_bug.cgi?id=892806

Code Behaviors & Features

Detect and mitigate CVE-2013-0162 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →