High severity 7.8 · NVD Advisory · Published Aug 18, 2017 · Updated May 13, 2026
CVE-2015-3649
Description
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| open-uri-cached (RubyGems) | <= 1.0.0 | — |
Affected products
- cpe:2.3:a:open-uri-cached_project:open-uri-cached:0.0.5:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby/ (nvd: Third Party Advisory)
- www.openwall.com/lists/oss-security/2015/05/06/2 (nvd: Mailing List, Third Party Advisory, WEB)
- www.securityfocus.com/bid/74469 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-7m2w-9gw7-c3xp (ghsa: ADVISORY)
- github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb (nvd: Third Party Advisory)
- nvd.nist.gov/vuln/detail/CVE-2015-3649 (ghsa: ADVISORY)
- seclists.org/oss-sec/2015/q2/373 (ghsa: WEB)
- www.benjaminfleischer.com/2013/03/20/yaml-and-security-in-ruby (ghsa: WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/open-uri-cached/CVE-2015-3649.yml (ghsa: WEB)
- github.com/tigris/open-uri-cached/blob/master/lib/open-uri/cached.rb (ghsa: WEB)
- github.com/tigris/open-uri-cached/issues/8 (ghsa: WEB)
- web.archive.org/web/20210119122105/http://www.securityfocus.com/bid/74469 (ghsa: WEB)