CVE-2015-7314
EPSS 0.47%Gollum Exposure of Sensitive Information
Published: 8/28/2018Modified: 12/5/2024
Also known as:GHSA-m2q3-53fq-7h66
Description
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.
Affected packages (1)
- RubyGems/gollumfrom 0, < 4.0.1
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7314
- PATCHhttps://github.com/gollum/gollum
- WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000149
- WEBhttp://jvn.jp/en/jp/JVN27548431/index.html
- WEBhttps://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
- WEBhttps://github.com/gollum/gollum/issues/1070
- WEBhttp://www.openwall.com/lists/oss-security/2015/09/22/12