CVE-2022-36562

Name of the Vulnerable Software and Affected Versions Rubyinstaller2 versions 3.1.2 and below

Description The issue is related to incorrect access control in the install directory of Rubyinstaller2, specifically the C:Ruby31-x64 directory. This allows authenticated attackers to execute arbitrary code by overwriting binaries located in the directory.

Recommendations For Rubyinstaller2 versions 3.1.2 and below, consider restricting access to the install directory to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor the directory for any suspicious activity and ensure that only authorized personnel have access to it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.