CVE-2019-3881

Published: 04/09/2020 Updated: 08/11/2022
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Bundler before 2.1.0 uses a predictable path in /tmp/, created with insecure permissions, as a storage location for gems if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would later be loaded and executed.
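The check a defender would apply before trusting a fallback directory under /tmp, shown as an added example (not Bundler's code or its fix): the directory must be a real directory, owned by the current user, and not group- or world-writable. The helper names `tmp_home_problems` and `private_tmp_home` and all paths are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not Bundler's API): lists the reasons +path+ must not
# be trusted as a gem storage location. An empty list means it passed.
def tmp_home_problems(path, uid = Process.euid)
  st = File.lstat(path) # lstat, so a planted symlink is seen as a symlink
  problems = []
  problems << "not a directory (symlink or file)" unless st.directory?
  problems << "owned by uid #{st.uid}, expected #{uid}" unless st.uid == uid
  if (st.mode & 0o022) != 0
    problems << format("group/world-writable (mode %04o)", st.mode & 0o7777)
  end
  problems
rescue Errno::ENOENT
  ["does not exist"]
end

# Safer fallback: Dir.mktmpdir chooses an unpredictable name and creates the
# directory with mode 0700, so no other local user can pre-create or fill it.
def private_tmp_home(prefix = "gem-home-", base = Dir.tmpdir)
  Dir.mktmpdir(prefix, base)
end

# Constructed scenario inside a scratch directory; all names are made up.
def demo
  base = Dir.mktmpdir("cve-2019-3881-demo-")
  weak = File.join(base, "bundler-fallback") # fixed, guessable name
  Dir.mkdir(weak)
  File.chmod(0o777, weak)                    # writable by every local user
  link = File.join(base, "bundler-link")
  File.symlink(weak, link)
  good = private_tmp_home("gem-home-", base)
  {
    weak: tmp_home_problems(weak),
    link: tmp_home_problems(link),
    missing: tmp_home_problems(File.join(base, "absent")),
    foreign: tmp_home_problems(good, Process.euid + 1),
    good: tmp_home_problems(good)
  }
ensure
  FileUtils.remove_entry(base) if base
end

demo.each { |name, problems| puts "#{name}: #{problems.empty? ? 'ok' : problems.join('; ')}" } if $PROGRAM_NAME == __FILE__
```
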

Vulnerable Product

bundler bundler

Github Repositories

Read and write Java-style .properties files with minimal intrusiveness

DotProperties: Reads and writes Java properties files like a champ. Intuitive, Hash-like access: anywhere it makes sense to act like a Hash, it acts like a Hash. Won't clobber comments and blank lines (unless you want to). Will preserve original delimiters for each value (unless you normalize them). Supports all the delimiters (whitespace, =, :). Supports both comment pr