{"id":"UBUNTU-CVE-2013-0162","details":"The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.","modified":"2025-10-24T04:44:59Z","published":"2013-03-01T05:40:00Z","upstream":["CVE-2013-0162"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-0162"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2013/02/22/5"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2013-0162"}],"affected":[{"package":{"name":"ruby-parser","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ruby-parser@3.6.6-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.6.6-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.6-1","binary_name":"ruby-parser"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-0162.json"}},{"package":{"name":"ruby-parser","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ruby-parser@3.8.2-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.8.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.2-1","binary_name":"ruby-parser"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-0162.json"}},{"package":{"name":"ruby-parser","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ruby-parser@3.11.0-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.11.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.11.0-1","binary_name":"ruby-parser"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-0162.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"low"}]}