CVE-2014-4994

Name of the Vulnerable Software and Affected Versions gyazo gem version 1.0.0

Description The issue allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. This is due to a problem in the lib/gyazo/client.rb file.

Recommendations For gyazo gem version 1.0.0, consider restricting access to temporary files created by the lib/gyazo/client.rb file to prevent a symlink attack. As a temporary workaround, avoid using time-based filenames in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.