VYPR
Low severityNVD Advisory· Published Mar 1, 2013· Updated Jun 16, 2026

CVE-2013-0162

CVE-2013-0162

Description

The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ruby_parserRubyGems
>= 2.0.2, < 3.1.23.1.2

Affected products

30
  • cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:*range: <=3.1.1
    • cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.0.2, < 3.1.2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.