oss-sec mailing list archives
Re: CVE Request: gollum information disclosure vulnerability
From: cve-assign () mitre org
Date: Tue, 22 Sep 2015 16:54:14 -0400 (EDT)
A vulnerability has been found in the gollum wiki, which allows attackers to gain read access to arbitrary files on the system.

Website: https://github.com/gollum/gollum
Affected versions: 4.0.0 and earlier
Patched version: 4.0.1
https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1
+ halt 500 unless tempfile.is_a? Tempfile
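Review bot: `halt 500` reports a server fault for what is really a rejected request value; when `tempfile` is not a `Tempfile` the input is at fault, so a 4xx status such as 400 would describe it better and keep these rejections out of server-error alerting. The guard also carries no comment saying why the class of `tempfile` matters; a one-line comment tying it to the file-read issue described above, together with a regression test that passes a non-`Tempfile` value and expects the halt, would keep the check from being dropped in a later refactor.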
Use CVE-2015-7314.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: gollum information disclosure vulnerability Dawa Ometto (Sep 20)
- Re: CVE Request: gollum information disclosure vulnerability cve-assign (Sep 22)