High severity · NVD Advisory · Published Oct 24, 2019 · Updated Aug 5, 2024
CVE-2019-18409
Description
The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because the files it ships are installed with world-writable permissions. For example, if the brakeman gem 4.5.0 through 4.7.0 (which depends on ruby_parser-legacy) is installed, any local user on the host can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file, and that code runs with the privileges of whichever user next runs Brakeman or otherwise loads the gem.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ruby_parser-legacy (RubyGems) | <= 1.0.0 | — |
Affected products
- legacy/ruby_parser-legacy
Patches
No patched version of ruby_parser-legacy is listed. Brakeman, the main consumer of the gem, removed the ruby_parser-legacy dependency in 4.7.1 (see the release post under References), so Brakeman 4.5.0 through 4.7.0 are affected and 4.7.1 or later is not. Where the gem is already installed, the workaround is to clear the other-write bit on its installed files (chmod -R o-w on the gem directory) or to uninstall it.
Vulnerability mechanics
The gem archive for ruby_parser-legacy 1.0.0 was built with file modes that include the other-write bit, and gem install applies the modes recorded in the archive, so the files land on disk world-writable. On a multi-user host any local account can therefore edit ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb. The next time Brakeman (or anything else that requires the gem) runs, the injected Ruby executes with the privileges of the invoking user, which is the local privilege escalation the description refers to; the practical impact is set by who runs Brakeman, typically a developer account or a CI agent that can also push code or reach secrets.
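The following Ruby script is an added example, not code from the advisory, the ruby_parser-legacy gem, or Brakeman. It locates installed gems through the RubyGems API, lists every file or directory whose mode grants write access to "other", and can clear that bit in place (the equivalent of chmod o-w). The gem name on the command line and the file names used in the constructed sample are assumptions for illustration.

```ruby
# Added example (not from the advisory or from the ruby_parser-legacy or
# Brakeman projects): audit installed gems for files that the other-write
# bit makes editable by any local user, and strip that bit.
require 'find'
require 'rubygems'
require 'tmpdir'
require 'fileutils'

WORLD_WRITE = 0o002

# Paths under +dir+ whose permission bits grant write access to "other".
# Symlinks are skipped (their own mode is meaningless); directories are
# included, since a world-writable directory lets any user replace files in it.
def world_writable_files(dir)
  found = []
  Find.find(dir) do |path|
    next if path == dir
    st = File.lstat(path)
    next if st.symlink?
    found << path if (st.mode & WORLD_WRITE) != 0
  end
  found.sort
end

# Clears the other-write bit on each path (the equivalent of `chmod o-w`),
# leaving owner and group bits untouched. Returns the paths that were changed.
def strip_world_write(paths)
  paths.select do |path|
    mode = File.lstat(path).mode & 0o7777
    next false if (mode & WORLD_WRITE).zero?
    File.chmod(mode & ~WORLD_WRITE, path)
    true
  end
end

# Scans every installed version of +gem_name+ (all installed gems when nil)
# and returns { "name-version" => [paths] } for gems with at least one finding.
def audit_installed_gems(gem_name = nil)
  specs = gem_name ? Gem::Specification.find_all_by_name(gem_name) : Gem::Specification.to_a
  specs.each_with_object({}) do |spec, report|
    next unless File.directory?(spec.full_gem_path)
    bad = world_writable_files(spec.full_gem_path)
    report[spec.full_name] = bad unless bad.empty?
  end
end

# Usage: ruby gem_perm_audit.rb ruby_parser-legacy [--fix]
# (the gem name is an assumed argument; --fix clears the bit in place).
# Exit status 1 signals findings, so the script can gate a CI job.
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  fix = ARGV.delete('--fix')
  report = audit_installed_gems(ARGV[0])
  report.each do |gem, paths|
    puts "#{gem}: #{paths.size} world-writable path(s)"
    paths.each { |p| puts "  #{p}" }
    strip_world_write(paths) if fix
  end
  puts 'no world-writable files found' if report.empty?
  exit(report.empty? ? 0 : 1)
end
```

The scan uses lstat and reports directories as well as files: a world-writable directory is as bad as a world-writable file, because an attacker can delete and recreate ruby_parser.rb in it even if the file itself is read-only. Rerunning the audit after a gem update is worthwhile, since a fresh gem install restores whatever modes the archive carries.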
References
- github.com/advisories/GHSA-hhwc-8g49-j8jx (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2019-18409 (NVD entry)
- brakemanscanner.org/blog/2019/10/14/brakeman-4-dot-7-dot-1-released (Brakeman 4.7.1 release post)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/brakeman/CVE-2019-18409.yml (ruby-advisory-db entry for brakeman)
- github.com/zenspider/ruby_parser-legacy/issues/1 (upstream issue report)