Ruby On Rails · Active Support · CVE-2023-38037
**Name of the Vulnerable Software and Affected Versions**
Active Support versions 5.2.0 through 6.1.7.4 (6.1 series; fixed in 6.1.7.5)
Active Support versions 7.0.0 through 7.0.7.0 (7.0 series; fixed in 7.0.7.1)
Versions earlier than 5.2.0 are not affected.
**Description**
`ActiveSupport::EncryptedFile` (the class behind `rails credentials:edit` and `rails encrypted:edit`) decrypts the file's contents into a temporary file so that an editor can be opened on the plaintext. That temporary file is created with the process's default mode, i.e. `0666` masked by the user's current `umask`. Under a common `umask` such as `022` the file is therefore world-readable, so any other local user who can reach the temporary directory can read the decrypted secrets for as long as the editing session lasts. An attacker with local file-system access could exploit this to read the plaintext while a user is editing it; the encrypted file on disk itself is not exposed.
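The following Ruby snippet is an added illustration, not code from Rails or from the advisory. It reproduces the mechanism in isolation: a temporary file written with `Pathname#binwrite` inherits `0666 & ~umask`, whereas a file opened with an explicit `0600` mode stays owner-only no matter how permissive the `umask` is. Function and file names are hypothetical; the temporary directory is created fresh for the demonstration.

```ruby
require "tmpdir"
require "pathname"

# Vulnerable pattern: Pathname#binwrite (like File.write) creates the file
# with mode 0666, which the kernel narrows only by the process umask.
# Under umask 022 the result is 0644 and other local users can read it.
def write_temp_umask_dependent(contents, dir)
  path = Pathname.new(File.join(dir, "#{Process.pid}.credentials.yml"))
  path.binwrite(contents)
  path
end

# Hardened pattern: ask for 0600 explicitly. umask can only clear bits,
# never add them, so the file is owner-only regardless of umask.
# File::EXCL additionally refuses to follow a pre-existing file.
def write_temp_owner_only(contents, dir)
  path = Pathname.new(File.join(dir, "#{Process.pid}.credentials.secure.yml"))
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(contents)
  end
  path
end

# True if the group or "other" read bit is set on the file.
def readable_by_others?(path)
  (File.stat(path).mode & 0o044) != 0
end

# Run a block under a given umask, restoring the previous value afterwards.
def with_umask(mask)
  old = File.umask(mask)
  yield
ensure
  File.umask(old)
end

# Compare both patterns under one umask. Returns a hash reporting whether
# each temporary file ended up readable by other users on the system.
def demo(umask_value)
  Dir.mktmpdir("encrypted-file-demo") do |dir|
    with_umask(umask_value) do
      weak   = write_temp_umask_dependent("aws_secret: constructed-sample", dir)
      strong = write_temp_owner_only("aws_secret: constructed-sample", dir)
      { umask: format("%04o", umask_value),
        weak_readable_by_others:   readable_by_others?(weak),
        strong_readable_by_others: readable_by_others?(strong) }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo(0o022)   # typical default umask: weak file is exposed
  p demo(0o077)   # the advisory's workaround: both files are owner-only
end
```

The second call shows why `umask 0077` is an effective interim workaround: it makes the umask-dependent write behave like the explicit-mode write. The explicit mode is still the right fix, because it does not depend on every user's shell configuration.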
**Recommendations**
For Active Support versions 5.2.0 through 6.1.7.4, upgrade to version 6.1.7.5.
For Active Support versions 7.0.0 through 7.0.7.0, upgrade to version 7.0.7.1.
As a temporary workaround, set a more restrictive `umask` (for example `umask 0077`) in the shell before running `rails credentials:edit` or `rails encrypted:edit`, so that the temporary plaintext file is created owner-readable only. This protects only sessions started from that shell; upgrading remains the proper fix.