ROTP 6.2.2 and 6.2.1 have 0666 permissions for the .rb files.

Moderate
mdp published GHSA-x2h8-qmj4-g62f Mar 15, 2024

Package

bundler rotp (RubyGems)

Affected versions

6.2.1, 6.2.2

Patched versions

6.3.0

Description

Impact

CWE-276: Incorrect Default Permissions

Patches

Users should upgrade to version 6.3.0.

Workarounds

Correct file permissions after installation
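
One way to apply this workaround, shown as an added example that is not part of the advisory or the rotp project: list the world-writable files under each installed rotp gem directory and, on request, clear their write bits. The helper names `world_writable` and `tighten!` and the `--fix` switch are hypothetical, and resetting 0666 to 0644 (clearing both group and other write) is an assumed target mode.

```ruby
require "find"

# Return regular files under +root+ that any user can write to
# (the "other" write bit, which 0666 sets).
def world_writable(root)
  Find.find(root).select do |path|
    !File.symlink?(path) && File.file?(path) &&
      (File.stat(path).mode & 0o002) != 0
  end.sort
end

# Clear group and other write bits on every world-writable file
# (0666 -> 0644, 0777 -> 0755). Returns the paths that were changed.
def tighten!(root)
  world_writable(root).each do |path|
    mode = File.stat(path).mode & 0o7777
    File.chmod(mode & ~0o022, path)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Check every installed copy of the gem; report only, unless --fix is given.
  Gem::Specification.find_all_by_name("rotp").each do |spec|
    root = spec.full_gem_path
    hits = ARGV.include?("--fix") ? tighten!(root) : world_writable(root)
    hits.each { |path| puts "rotp #{spec.version}: #{path}" }
  end
end
```

Run it as the user that owns the gem directory; without `--fix` it only reports.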

Severity

Moderate

CVE ID

CVE-2024-28862
