CVE-2019-3881 -- bundlerID: oval:org.secpod.oval:def:2004466 | Date: (C)2020-10-22 (M)2024-01-29 |
Class: VULNERABILITY | Family: unix |
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user"s home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
Platform: |
Debian 10.x |
Debian 9.x |