
Fwininger

#32360 of 53,630
7.8 CVSS total
Vulnerabilities · 1
PT-2019-15394
7.8
2019-10-24
Ruby · Ruby Parser-Legacy · CVE-2019-18409
**Name of the Vulnerable Software and Affected Versions**

ruby_parser-legacy gem version 1.0.0

brakeman gem versions 4.5.0 through 4.7.0

**Description**

The issue allows local privilege escalation due to world-writable files. A local user can insert malicious code into the `ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb` file, for example, when the brakeman gem with a legacy dependency is used.

**Recommendations**

For ruby_parser-legacy gem version 1.0.0, update to a version that fixes the world-writable files issue.

For brakeman gem versions 4.5.0 through 4.7.0, consider disabling the dependency on the ruby_parser-legacy gem until a patch is available.
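
A defender-side check for the condition described above, added here as an example (it is not code from the advisory, the gem, or brakeman): it walks a directory tree and reports files any local user can modify, plus world-writable directories without the sticky bit, where files can be replaced. The function name and the choice to pass gem directories as arguments are assumptions of this example.

```ruby
require "find"

WORLD_WRITABLE = 0o002   # "other" write bit
STICKY         = 0o1000  # restricts deletion/rename inside a shared directory

# Returns sorted [path, reason] pairs for entries under root that any
# local user could modify or replace. (Hypothetical helper for this example.)
def world_writable_entries(root)
  findings = []
  Find.find(root) do |path|
    begin
      st = File.lstat(path)
    rescue SystemCallError
      next                       # entry vanished or is unreadable; skip it
    end
    next if st.symlink?          # a symlink's own mode bits are not meaningful
    next if (st.mode & WORLD_WRITABLE).zero?

    if st.directory?
      # With the sticky bit set, other users cannot replace existing files.
      next unless (st.mode & STICKY).zero?
      findings << [path, "world-writable directory without sticky bit"]
    elsif st.file?
      findings << [path, "world-writable file"]
    end
  end
  findings.sort
end

# When run as a script, scan the directories given as arguments, for
# example the "gems" directories under each entry of Gem.path.
if __FILE__ == $PROGRAM_NAME
  ARGV.each do |root|
    next unless File.directory?(root)
    world_writable_entries(root).each { |path, why| puts "#{why}: #{path}" }
  end
end
```

Any hit under a gem's `lib/` directory means code loaded by a more privileged user can be edited by an unprivileged one, which is the condition this entry describes.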