CVE-2014-0177: Arbitrary File Overwrite in hub

February 15, 2022

The am function in lib/hub/commands.rb in hub allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

References

github.com/advisories/GHSA-x5m6-jh4r-34mv
github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600
nvd.nist.gov/vuln/detail/CVE-2014-0177
secunia.com/advisories/58273

Code Behaviors & Features

Detect and mitigate CVE-2014-0177 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →