PT-2024-25025 · Kaminari · Kaminari

G-Rath · Published 2024-05-27 · Updated 2024-05-28 · CVE-2024-32978

CVSS v3.1: 6.6 Medium
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kaminari versions prior to 0.16.2

Description

A security issue involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails. This issue is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library, which could lead to the alteration of application behavior or data integrity issues.

Recommendations

For versions prior to 0.16.2, update to Kaminari version 0.16.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, manually adjust the file permissions on the server to restrict access, setting them to 644. Consider reviewing and adjusting the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized users.
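
The manual workaround above, as an added shell example that is not part of the advisory or of the Kaminari project: it lists the Ruby files under a gem directory that group or other users can write to, and resets them to 644. The directory argument is an assumption; pass the install path of the Kaminari gem on the server (for example the output of `bundle info kaminari --path`).

```shell
#!/bin/sh
# Added example: audit an installed gem directory for Ruby files with
# group- or other-write permission and reset them to 644.
# Assumption: $1 is the Kaminari install directory on this host.

# Print every *.rb file under $1 that has the group-write (020) or
# other-write (002) bit set. Uses only POSIX find primaries.
list_writable_rb() {
    find "$1" -type f -name '*.rb' \( -perm -020 -o -perm -002 \) -print
}

# Number of files reported by list_writable_rb.
count_writable_rb() {
    list_writable_rb "$1" | wc -l | tr -d ' '
}

# Reset only the offending Ruby files to 644 (rw-r--r--), the mode the
# advisory recommends. Other files are left untouched.
fix_writable_rb() {
    find "$1" -type f -name '*.rb' \( -perm -020 -o -perm -002 \) \
        -exec chmod 644 {} +
}

# When run with a directory argument: report, fix, and report again.
if [ "$#" -gt 0 ]; then
    echo "Writable Ruby files before fix: $(count_writable_rb "$1")"
    list_writable_rb "$1"
    fix_writable_rb "$1"
    echo "Writable Ruby files after fix: $(count_writable_rb "$1")"
fi
```

Run it as the user that owns the gem files; a non-zero count after the fix means some files could not be changed by the current user.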

Exploit

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2024-32978
GHSA-7R3J-QMR4-JFPJ

Affected Products

Kaminari