CVE-2024-48992

Published November 19th, 2024

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.

liske/needrestart

Restart daemons after library updates.

GitHub

509