Incorrect Permission Assignment for Critical Resource
CVE-2019-18409
Summary
The ruby_parser-legacy (aka legacy) gem for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the "ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb" file.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Advisory Timeline
- Published