CVE-2015-7314
EPSS 0.47%Gollum Exposure of Sensitive Information
發布日:2018/8/28修改日:2024/12/5
描述
The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.
受影響套件(1)
- RubyGems/gollumfrom 0, < 4.0.1
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7314
- PATCHhttps://github.com/gollum/gollum
- WEBhttp://jvndb.jvn.jp/jvndb/JVNDB-2015-000149
- WEBhttp://jvn.jp/en/jp/JVN27548431/index.html
- WEBhttps://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
- WEBhttps://github.com/gollum/gollum/issues/1070
- WEBhttp://www.openwall.com/lists/oss-security/2015/09/22/12