Title: jspec-steventux 3.3.2.1 /tmp vulnerability
Author: Larry W. Cashdollar, @_larry0
Download: http://rubygems.org/gems/jspec-steventux
Description: "JSpec is a minimalistic JavaScript behavior driven development framework, providing simple installation, extremely low learning curve, absolutely no pollution to core prototypes, async request support, and incredibly sexy syntax, tons of matchers and much more."
jspec-steventux-3.3.2.1/src/installables.rb:
  def install
    say "... fetching #{uri}"; `curl #{uri} -o /tmp/rhino.zip 2> /dev/null`
    say "... decompressing"; `unzip /tmp/rhino.zip -d /tmp`
    say "... installing to #{path}"; `mv /tmp/rhino1_7R2/js.jar #{path}`
  end

The archive is downloaded to the fixed path /tmp/rhino.zip, extracted directly into /tmp, and /tmp/rhino1_7R2/js.jar is then moved to the install path. Because /tmp is world-writable and every one of those names is predictable, another local user can create them ahead of time (for example as symlinks): the curl output or the unzip extraction then overwrites a file of the attacker's choosing, or the js.jar that ends up in #{path} is one the attacker supplied rather than the one that was downloaded.
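As an added example (not code from the jspec-steventux gem or from the advisory author), the same routine written in Ruby without fixed names under /tmp, followed by a small offline demonstration of why the fixed names matter. The function names build_install_commands, hardened_install and demo_symlink_clobber are hypothetical, the curl flags are the standard ones, and the demonstration uses a scratch directory in place of the real /tmp and File.write in place of curl so that it runs without network access or touching system files.

```ruby
require "tmpdir"
require "shellwords"

# Hypothetical hardened replacement for the install routine above (added
# example, not code from jspec-steventux). Instead of fixed names under the
# world-writable /tmp, each run gets a fresh directory from Dir.mktmpdir,
# which has an unpredictable name and mode 0700, so another local user
# cannot pre-create the download path or the extraction directory.
# Commands are passed to system() as argument arrays rather than being
# interpolated into a shell string, so no value is re-parsed by /bin/sh.
def build_install_commands(uri, workdir, path)
  archive = File.join(workdir, "rhino.zip")
  [
    ["curl", "--fail", "--silent", "--show-error", "--location", uri, "-o", archive],
    ["unzip", "-q", archive, "-d", workdir],
    ["mv", File.join(workdir, "rhino1_7R2", "js.jar"), path],
  ]
end

def hardened_install(uri, path)
  # The block form removes the directory and everything in it when done.
  Dir.mktmpdir("rhino-") do |workdir|
    build_install_commands(uri, workdir, path).each do |argv|
      system(*argv) or raise "command failed: #{Shellwords.join(argv)}"
    end
  end
end

# Offline demonstration of the predictable-path problem. A scratch directory
# stands in for /tmp and File.write stands in for curl, so nothing outside the
# scratch directory is touched. Returns [after_fixed_path, after_private_dir, mode]:
# the victim file's contents after each variant, and the private dir's permissions.
def demo_symlink_clobber
  Dir.mktmpdir("fake-tmp-") do |fake_tmp|
    victim = File.join(fake_tmp, "victim.txt")
    File.write(victim, "original")

    # A local attacker who knows the fixed name plants it as a symlink first.
    predictable = File.join(fake_tmp, "rhino.zip")
    File.symlink(victim, predictable)

    # Original pattern: writing to the fixed path follows the symlink and
    # overwrites the victim file with the "downloaded" bytes.
    File.write(predictable, "downloaded bytes")
    after_fixed_path = File.read(victim)

    # Hardened pattern: a fresh private directory, so the attacker's symlink
    # is never on the path the installer writes to.
    File.write(victim, "original")
    mode = nil
    Dir.mktmpdir("rhino-", fake_tmp) do |workdir|
      mode = File.stat(workdir).mode & 0o777
      File.write(File.join(workdir, "rhino.zip"), "downloaded bytes")
    end
    after_private_dir = File.read(victim)

    [after_fixed_path, after_private_dir, mode]
  end
end

if $PROGRAM_NAME == __FILE__
  p demo_symlink_clobber
end
```

Running the file prints the victim file's contents after each variant: the fixed-path write has replaced them, the private-directory write has not. The argument-array form of the commands is general good practice rather than something the advisory reports; the fix the advisory calls for is the move from fixed /tmp names to a per-run private directory.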
Vendor: Not notified; I don't think this code is maintained any longer.