Skip to content

[SECURITY] gem installs files world-writeable

The gem has the following files world writeable:

/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/Gemfile.lock
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/Rakefile
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/lib/gitlab-sdk/current_user.rb
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/.rubocop.yml
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/lib/gitlab-sdk.rb
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/lib/gitlab-sdk/version.rb
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/Gemfile
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/lib/gitlab-sdk/client.rb
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/README.md
/usr/local/lib/ruby/gems/3.1/gems/gitlab-sdk-0.2.5/.rspec

This is a similar issue like: gitlab-org/ruby/gems/prometheus-client-mmap#60 (closed)