Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
References
Configurations
No configuration.
History
No history.
Information
Published : 2024-11-19 18:15
Updated : 2024-12-03 14:15
NVD link : CVE-2024-48992
Mitre link : CVE-2024-48992
CVE.ORG link : CVE-2024-48992
JSON object : View
Products Affected
No product.
CWE
CWE-427
Uncontrolled Search Path Element