netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions
Critical severity
GitHub Reviewed
Published
Oct 14, 2019
to the GitHub Advisory Database
•
Updated Jan 23, 2023
Description
Published by the National Vulnerability Database
Oct 9, 2019
Reviewed
Oct 14, 2019
Published to the GitHub Advisory Database
Oct 14, 2019
Last updated
Jan 23, 2023
The netaddr gem before 1.5.3 and 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
References