CVE-2017-8418: Insecure use of /tmp
RuboCop does not use /tmp in a safe way, allowing local users to tamper with cache files belonging to other users.
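One way a tool can guard a cache directory under /tmp against the tampering described above, as an added Ruby example (not RuboCop's code and not its actual fix). The helper names `safe_cache_dir?` and `prepare_cache_dir` and the directory names are hypothetical, and the scenario is constructed in a scratch directory.

```ruby
require 'tmpdir'

# Hypothetical helper (not RuboCop's code): true only if `dir` is a real
# directory owned by the current user with no group/other write bits.
def safe_cache_dir?(dir)
  st = File.lstat(dir) # lstat: inspect a planted symlink, do not follow it
  st.directory? && st.uid == Process.euid && (st.mode & 0o022).zero?
rescue Errno::ENOENT
  false
end

# Create the cache directory privately, or validate one that already exists.
# Raises rather than reusing a directory another local user could control.
# Assumes the parent is sticky (like /tmp), so others cannot swap it later.
def prepare_cache_dir(dir)
  begin
    Dir.mkdir(dir, 0o700)
  rescue Errno::EEXIST
    # Pre-existing path: fall through to the ownership and mode checks.
  end
  raise SecurityError, "refusing unsafe cache dir: #{dir}" unless safe_cache_dir?(dir)
  dir
end

# Constructed scenario: a private scratch directory stands in for /tmp.
def demo
  Dir.mktmpdir do |base|
    fresh    = File.join(base, 'cache_fresh') # does not exist yet
    open_dir = File.join(base, 'cache_open')  # pre-created, world-writable
    link     = File.join(base, 'cache_link')  # pre-created symlink
    Dir.mkdir(open_dir)
    File.chmod(0o777, open_dir)
    File.symlink(base, link)
    [fresh, open_dir, link].map do |path|
      verdict = begin
        prepare_cache_dir(path)
        :accepted
      rescue SecurityError
        :rejected
      end
      [File.basename(path), verdict]
    end.to_h
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The same checks apply to a directory pre-created by a different local user, which the `st.uid` comparison rejects; that case needs a second account and is not simulated here.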