CVE-2024-28862 (rotp): ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

Ruby Security Advisory

The Ruby One Time Password library (ROTP) is an open source library
for generating and validating one time passwords. Affected versions
had overly permissive default permissions. Users should patch to
version 6.3.0. Users unable to patch may correct file permissions
after installation.


Leave a Reply

Your email address will not be published. Required fields are marked *