You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
add in ./ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb
puts"Code execution with : #{%x(id)}"
require the gem in a other projet may run the shell code with the user privilege.
$ brakeman
Loading scanner...
Code execution with : uid=1000(xxxx) gid=1000(xxxx) groups=1000(xxxx)
Please supply the path to a Rails application (looking in /home/xxxx/).
Please release a new release asap.
The text was updated successfully, but these errors were encountered:
Hi,
This gem has world writable files in the release 1.0.0.
how to reproduce the issue
exploitation poc
add in ./ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb
require the gem in a other projet may run the shell code with the user privilege.
Please release a new release asap.
The text was updated successfully, but these errors were encountered: