CVE-2015-3649: Unsafe Temporary File Creation Local Privilege Escalation
The open-uri-cached gem contains a flaw: it creates predictable temporary files and loads YAML without a safe loader. This may allow a local attacker to gain elevated privileges.
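The two weaknesses named above map to two defensive checks: keep cache files in a directory only the current user can write to (and verify that before use), and parse cached YAML with `YAML.safe_load`. The following is an added example, not code from open-uri-cached; the module `SafeMetaCache`, its method names and the `.meta` file layout are hypothetical.

```ruby
require "yaml"
require "digest"
require "securerandom"

# Hypothetical hardened metadata cache; names are illustrative, not the gem's API.
module SafeMetaCache
  module_function

  # Create or validate a cache root that only the current user can touch.
  def private_root(dir)
    begin
      Dir.mkdir(dir, 0o700)
    rescue Errno::EEXIST
      # Already present: fall through and validate it instead of trusting it.
    end
    st = File.lstat(dir) # lstat does not follow a symlink planted at this path
    ok = st.directory? && st.uid == Process.euid && (st.mode & 0o077).zero?
    raise SecurityError, "untrusted cache directory: #{dir}" unless ok
    dir
  end

  def path_for(root, uri)
    File.join(root, "#{Digest::SHA256.hexdigest(uri)}.meta")
  end

  # Write to a random temp name with O_EXCL (fails on any pre-existing file
  # or symlink), then rename into place atomically.
  def write_meta(root, uri, meta)
    final = path_for(root, uri)
    tmp = "#{final}.#{SecureRandom.hex(8)}.tmp"
    File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(YAML.dump(meta))
    end
    File.rename(tmp, final)
    final
  end

  # Refuse entries that are not regular files owned by us, and parse with
  # safe_load so object tags in the file cannot instantiate Ruby classes.
  def read_meta(root, uri)
    path = path_for(root, uri)
    st = File.lstat(path)
    raise SecurityError, "unexpected cache entry: #{path}" unless st.file? && st.uid == Process.euid
    YAML.safe_load(File.read(path), permitted_classes: [], aliases: false)
  end
end
```

Call `private_root` once at startup and pass its return value to the read and write helpers; a `SecurityError` or `Psych::DisallowedClass` from these methods should be treated as a tampered cache and logged, not retried.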