Gollum Exposure of Sensitive Information

Moderate severity • GitHub Reviewed • Published Aug 28, 2018 to the GitHub Advisory Database • Updated Mar 14, 2023

Package

gollum (RubyGems)

Affected versions

< 4.0.1

Patched versions

4.0.1

Description

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.

References

Published to the GitHub Advisory Database Aug 28, 2018
Reviewed Jun 16, 2020
Last updated Mar 14, 2023

Severity

Moderate

EPSS score

0.498%
(77th percentile)

Weaknesses

CVE ID

CVE-2015-7314

GHSA ID

GHSA-m2q3-53fq-7h66

Source code
