How severe is CVE-2019-8320?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-8320?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2019-8320 - HIGH Severity | CVSS 7.4

Vulnerability Description

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.

Related Vulnerabilities

CVE-2016-2087

HIGH

CVSS:7.4(High)

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

CWE-222016

CVE-2019-5624

HIGH

CVSS:7.4(High)

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this...

CWE-222019

CVE-2021-20218

HIGH

CVSS:7.4(High)

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to ext...

CWE-222021

CVE-2023-2316

HIGH

CVSS:7.4(High)

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vul...

CWE-222023

CVE-2024-29180

HIGH

CVSS:7.4(High)

Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is ...

CWE-222024

CVE-2024-47027

HIGH

CVSS:7.4(High)

In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no add...

CWE-222024