Advisories for Gem/Ciborg package

2018

Command injection vulnerability

It contains a flaw as default.rb creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/perlbrew-installer file to overwrite the contents with their own code executing it as the ciborg process owner.