CVE-2019-18409: ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
CVSS Score: 7.8 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.30434%
CWE
Published: 10/25/2019
Updated: 8/25/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
ruby_parser-legacy | rubygems | <= 1.0.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from incorrect file permissions (world-writable files) in the ruby_parser-legacy gem, not from specific function implementations. The advisory explicitly identifies file paths like 'lib/ruby_parser/legacy/ruby_parser.rb' as being vulnerable to modification, but does not point to any specific functions within those files as being inherently flawed. The core issue is the installation-time file permissions (CWE-732), not a coding error in a particular function. No functions are identified as vulnerable with high confidence because the exploitability comes from filesystem permissions rather than function logic.
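Because the exposure is a filesystem permission rather than a code path, the practical check is an audit of installed gem files for the other-write bit. The Ruby script below is an added example, not code from the advisory or from the gem; the helper names (`world_writable_paths`, `clear_world_write`, `audit_installed_gems`) are assumptions chosen for illustration, and the default gem name is the package listed above.

```ruby
require "find"
require "rubygems"

WORLD_WRITE = 0o002 # the "other" write bit that CWE-732 is about here

# Return the sorted paths under root whose mode grants write access to
# "other". Symlinks are skipped: their own mode bits are not meaningful,
# and a target inside the tree is reported on its own.
def world_writable_paths(root)
  hits = []
  Find.find(root) do |path|
    st = File.lstat(path)
    next if st.symlink?
    hits << path if (st.mode & WORLD_WRITE) != 0
  end
  hits.sort
end

# Clear only the other-write bit, leaving owner and group bits untouched.
def clear_world_write(paths)
  paths.each do |path|
    mode = File.stat(path).mode & 0o7777
    File.chmod(mode & ~WORLD_WRITE, path)
  end
end

# Audit every installed gem, or only the gem named name_filter.
# Returns { "name-version" => [paths] } for gems with at least one hit.
def audit_installed_gems(name_filter = nil)
  report = {}
  Gem::Specification.each do |spec|
    next if name_filter && spec.name != name_filter
    dir = spec.full_gem_path
    next unless File.directory?(dir)
    hits = world_writable_paths(dir)
    report[spec.full_name] = hits unless hits.empty?
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  # Defaults to the package named in this advisory; pass another gem name to override.
  audit_installed_gems(ARGV[0] || "ruby_parser-legacy").each do |gem_name, paths|
    puts gem_name
    paths.each { |p| puts "  #{format('%04o', File.stat(p).mode & 0o7777)} #{p}" }
  end
end
```

Run it as the account that owns the gem directory; `clear_world_write` changes permissions and is therefore left for the operator to call on the reported paths.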