PT-2007-1934 · Ruby · Rubygems

Published 2007-01-24 · Updated 2026-05-04 · CVE-2007-0469

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: RubyGems versions prior to 0.9.1

Description: The extract_files function in installer.rb does not check whether a file already exists before overwriting it. A crafted GEM package can therefore overwrite arbitrary files, which lets a remote attacker who persuades a user to install the package cause a denial of service or execute arbitrary code.

Recommendations: For RubyGems versions prior to 0.9.1, update to version 0.9.1 or later. As a temporary workaround, restrict use of the extract_files function in installer.rb to reduce exposure, and do not install GEM packages from untrusted sources until the fix is applied.
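Added illustration in Ruby, constructed for this entry and not RubyGems' own installer.rb code: the unchecked write the description refers to, beside a checked version that refuses to overwrite an existing file. The containment check in the checked version goes beyond what the advisory states; the function names, the UnsafeEntry class and the sample payload are assumptions.

```ruby
require 'fileutils'
require 'tmpdir'

# Constructed model of the extraction step the advisory describes, not
# RubyGems' own installer.rb; entries are [relative_name, contents] pairs.
class UnsafeEntry < StandardError; end

# Before: every entry is written unconditionally, so an entry naming a
# file already present in the install tree silently replaces it.
def extract_files_unchecked(dest_dir, entries)
  entries.each do |name, data|
    path = File.join(dest_dir, name)
    FileUtils.mkdir_p(File.dirname(path))
    File.binwrite(path, data)
  end
end

# Resolve an entry and reject it if the file already exists. The
# containment check is an extra beyond what the advisory text states.
def safe_destination(dest_dir, name)
  root = File.expand_path(dest_dir)
  path = File.expand_path(name, root)
  raise UnsafeEntry, "entry escapes install dir: #{name}" unless path.start_with?(root + File::SEPARATOR)
  raise UnsafeEntry, "refusing to overwrite existing file: #{name}" if File.exist?(path)
  path
end

# After: check first; File::EXCL makes the create fail if the file
# appears between the check and the open.
def extract_files_checked(dest_dir, entries)
  entries.each do |name, data|
    path = safe_destination(dest_dir, name)
    FileUtils.mkdir_p(File.dirname(path))
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o644) { |f| f.write(data) }
  end
end

# Run one extractor against a constructed payload in a scratch directory
# that already holds lib/existing.rb; returns [that file's contents
# afterwards, whether the extractor rejected the payload].
def demo(extractor)
  Dir.mktmpdir do |dir|
    existing = File.join(dir, 'lib', 'existing.rb')
    FileUtils.mkdir_p(File.dirname(existing))
    File.write(existing, "original\n")
    payload = [['lib/new.rb', "puts 1\n"], ['lib/existing.rb', "replaced\n"]]
    rejected = begin; send(extractor, dir, payload); false; rescue UnsafeEntry; true; end
    [File.read(existing), rejected]
  end
end
```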

Fix

Related Identifiers

CVE-2007-0469
GHSA-95VX-Q4C2-64GR

Affected Products

Rubygems