oss-sec mailing list archives

Re: CVE Request: gollum information disclosure vulnerability


From: cve-assign () mitre org
Date: Tue, 22 Sep 2015 16:54:14 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A vulnerability has been found in the gollum wiki, which allows
attackers to gain read access to arbitrary files on the system.

Website: https://github.com/gollum/gollum
Affected versions: 4.0.0 and earlier
Patched version: 4.0.1

https://github.com/gollum/gollum/commit/ce68a88293ce3b18c261312392ad33a88bb69ea1

+  halt 500 unless tempfile.is_a? Tempfile
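
Review bot: the added guard rejects a non-Tempfile value with "halt 500", which reports a server fault for what is a malformed request; "halt 400" would describe the condition accurately and keep these rejections out of server-error alerting. The line also carries no comment saying why the type of tempfile matters, so a short note that it must be an uploaded Tempfile object and nothing else would help a later maintainer keep the check in place, given that it is the fix for an arbitrary file read.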

Use CVE-2015-7314.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

