Skip to content

Error : File Access #4

New issue
New issue
Open
Open
Error : File Access#4
@ecopes

Description

@ecopes
ecopes
opened on Feb 20, 2018

Error : File Access

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.

Category description: When user-supplied input can contain ".." or similar characters that are passed through to file access APIs, causing access to files outside of an intended subdirectory.
Solution: upgrade rubocop to >= 0.49.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions