{"vulnerability": "CVE-2019-3881", "sightings": [{"uuid": "bca37433-d193-445f-8502-387fbc9e3c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3881", "type": "seen", "source": "https://t.me/cibsecurity/14482", "content": "ATENTION\u203c New - CVE-2019-3881\n\nBundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-04T16:55:36.000000Z"}]}