The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
References
Link | Resource |
---|---|
http://secunia.com/advisories/58273 | URL Repurposed |
https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600 | Exploit Patch |
Configurations
History
06 Jun 2023, 14:02
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/58273 - URL Repurposed | |
First Time |
Github
Github hub |
|
CPE | cpe:2.3:a:github:hub:*:*:*:*:*:*:*:* |
Information
Published : 2014-05-27 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-0177
Mitre link : CVE-2014-0177
CVE.ORG link : CVE-2014-0177
JSON object : View
Products Affected
github
- hub
CWE
CWE-310
Cryptographic Issues