Do your applications use this vulnerable package?
- Snyk ID SNYK-GOLANG-GITHUBCOMGITHUBHUB-50036
- published 13 Apr 2014
- disclosed 13 Apr 2014
- credit Unknown
Affected version of
github.com/github/hub are vulnerable to Arbitrary File Overwrite.
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.