
Gollum Exposure of Sensitive Information

Moderate severity GitHub Reviewed Published Aug 28, 2018 to the GitHub Advisory Database • Updated Mar 14, 2023

Package

gollum (RubyGems; Bundler ecosystem)

Affected versions

< 4.0.1

Patched versions

4.0.1

Description

The Precious module (the Sinatra web application that serves a gollum wiki) in gollum before 4.0.1 allows remote attackers to read arbitrary files from the server's filesystem, because a required temporary-file check is missing. Upgrading to gollum 4.0.1 or later removes the issue.
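The only actionable detail the advisory gives is the version range, so the practical check is whether a deployment locks a gollum version below 4.0.1. The script below is an added example, not code from the advisory or from the gollum project: it reads a Gemfile.lock, pulls the locked `gollum` version, and compares it against the patched version with `Gem::Version`, which handles pre-release tags correctly (`4.0.1.pre` still counts as vulnerable). The lockfile text is constructed here for illustration; the helper names `locked_version`, `gollum_vulnerable?` and `check_lockfile` are my own.

```ruby
# Added example: flag a Gemfile.lock that pins gollum to a version
# affected by CVE-2015-7314 / GHSA-m2q3-53fq-7h66.
require 'rubygems'

# Version boundary taken from the advisory: affected < 4.0.1, patched 4.0.1.
PATCHED_GOLLUM = Gem::Version.new('4.0.1')

# Return the version string a Gemfile.lock pins for gem_name, or nil if the
# gem is not locked. Direct spec entries sit under "specs:" with exactly four
# spaces of indentation ("    gollum (4.0.0)"); dependency lines use six, so
# the anchored regex does not match "      gollum-lib (~> 4.0)".
def locked_version(lockfile_text, gem_name)
  m = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*$/)
  m && m[1]
end

# True when the given gollum version is inside the affected range.
def gollum_vulnerable?(version_string)
  Gem::Version.new(version_string) < PATCHED_GOLLUM
end

# Classify a lockfile: :not_present, :vulnerable or :patched.
def check_lockfile(lockfile_text)
  version = locked_version(lockfile_text, 'gollum')
  return :not_present if version.nil?

  gollum_vulnerable?(version) ? :vulnerable : :patched
end

# Constructed sample lockfile (hypothetical, not taken from any real project).
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    gollum (4.0.0)
      gollum-lib (~> 4.0)
      sinatra (~> 1.4)
    gollum-lib (4.0.1)
    sinatra (1.4.6)

PLATFORMS
  ruby

DEPENDENCIES
  gollum
LOCK

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path ? File.read(path) : SAMPLE_LOCK
  puts "#{path || '(sample lockfile)'}: gollum #{check_lockfile(text)}"
end
```

Run it as `ruby check_gollum.rb Gemfile.lock` against a real lockfile, or with no argument to see the constructed sample reported as vulnerable. Note that the match is on the direct spec entry only; the `gollum-lib (4.0.1)` line in the sample is a different gem and is deliberately ignored.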

References

Published to the GitHub Advisory Database Aug 28, 2018
Reviewed Jun 16, 2020
Last updated Mar 14, 2023

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(76th percentile)

Weaknesses

CVE ID

CVE-2015-7314

GHSA ID

GHSA-m2q3-53fq-7h66

Source code
