Low severityNVD Advisory· Published Mar 1, 2013· Updated Jun 16, 2026
CVE-2013-0162
CVE-2013-0162
Description
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ruby_parserRubyGems | >= 2.0.2, < 3.1.2 | 3.1.2 |
Affected products
30cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:*range: <=3.1.1
- cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
11- bugzilla.redhat.com/show_bug.cginvdPatchWEB
- github.com/advisories/GHSA-8mvw-22r7-w6fqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-0162ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2013-0544.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-0548.htmlnvdWEB
- access.redhat.com/errata/RHSA-2013:0544ghsaWEB
- access.redhat.com/errata/RHSA-2013:0582ghsaWEB
- access.redhat.com/security/cve/CVE-2013-0162ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.ymlghsaWEB
- github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280ghsaWEB
- github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422cghsaWEB
News mentions
0No linked articles in our index yet.