Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2015-3649
Vulnerability from gsd - Updated: 2015-05-05 00:00Details
open-uri-cached Gem for Ruby contains a flaw that is due to the
program creating temporary files in a predictable, unsafe manner when using
YAML. This may allow a local attacker to gain elevated privileges.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3649",
"description": "The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing \"openuri-\" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.",
"id": "GSD-2015-3649"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "open-uri-cached",
"purl": "pkg:gem/open-uri-cached"
}
}
],
"aliases": [
"CVE-2015-3649",
"OSVDB-121701"
],
"details": "open-uri-cached Gem for Ruby contains a flaw that is due to the\nprogram creating temporary files in a predictable, unsafe manner when using\nYAML. This may allow a local attacker to gain elevated privileges.\n",
"id": "GSD-2015-3649",
"modified": "2015-05-05T00:00:00.000Z",
"published": "2015-05-05T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2015/q2/373"
}
],
"schema_version": "1.4.0",
"summary": "open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing \"openuri-\" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39",
"refsource": "MISC",
"url": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39"
},
{
"name": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115",
"refsource": "MISC",
"url": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115"
},
{
"name": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25",
"refsource": "MISC",
"url": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25"
},
{
"name": "[oss-security] 20150506 Re: Local privileges escalation in rubygem open-uri-cached",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/06/2"
},
{
"name": "74469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74469"
},
{
"name": "http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/",
"refsource": "MISC",
"url": "http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2015-3649",
"date": "2015-05-05",
"description": "open-uri-cached Gem for Ruby contains a flaw that is due to the\nprogram creating temporary files in a predictable, unsafe manner when using\nYAML. This may allow a local attacker to gain elevated privileges.\n",
"gem": "open-uri-cached",
"osvdb": 121701,
"title": "open-uri-cached Gem for Ruby Unsafe Temporary File Creation Local Privilege Escalation",
"url": "http://seclists.org/oss-sec/2015/q2/373"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e0.0.0a",
"affected_versions": "All versions",
"credit": "Michael Scherer",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2017-08-23",
"description": "The gem `open-uri-cached` contains a flaw that is due to the program creating predictable temporary files and loading YAML without a safe loader. This may allow a local attacker to gain elevated privileges.",
"fixed_versions": [],
"identifier": "CVE-2015-3649",
"identifiers": [
"CVE-2015-3649"
],
"package_slug": "gem/open-uri-cached",
"pubdate": "2017-08-18",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Unsafe Temporary File Creation Local Privilege Escalation",
"urls": [
"http://www.openwall.com/lists/oss-security/2015/05/05/14",
"http://www.openwall.com/lists/oss-security/2015/05/06/2",
"https://github.com/tigris/open-uri-cached/issues/8"
],
"uuid": "d31e59b9-80b2-45ae-905c-93ef25191f33"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:open-uri-cached_project:open-uri-cached:0.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3649"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing \"openuri-\" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L39"
},
{
"name": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L25"
},
{
"name": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb#L115"
},
{
"name": "74469",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74469"
},
{
"name": "[oss-security] 20150506 Re: Local privileges escalation in rubygem open-uri-cached",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/06/2"
},
{
"name": "http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-11-05T14:55Z",
"publishedDate": "2017-08-18T16:29Z"
}
}
}