CVE-2022-36563

Name of the Vulnerable Software and Affected Versions Rubyinstaller2 versions 3.1.2 and below

Description The issue is related to incorrect access control in the install directory of Rubyinstaller2, specifically the C:RailsInstaller directory. This allows authenticated attackers to execute arbitrary code by overwriting binaries located in the directory.

Recommendations For versions 3.1.2 and below, consider restricting access to the C:RailsInstaller directory to prevent unauthorized modifications to the binaries until a fix is available. Additionally, monitor the directory for any suspicious activity and apply appropriate security measures to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.