CVE-2016-7954

CVSS v3.0 9.8 (Critical)
CVSS v2.0 7.5 (High)
EPSS 0.88 % (83rd)

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2016-12-22 22:59:00
(7 years ago)
Updated Date
2019-07-02 14:55:57
(5 years ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Bundler 1.0.0 cpe:2.3:a:bundler:bundler:1.0.0
  Bundler 1.0.0 Beta1 cpe:2.3:a:bundler:bundler:1.0.0:beta1
  Bundler 1.0.0 Beta10 cpe:2.3:a:bundler:bundler:1.0.0:beta10
  Bundler 1.0.0 Beta6 cpe:2.3:a:bundler:bundler:1.0.0:beta6
  Bundler 1.0.0 Beta7 cpe:2.3:a:bundler:bundler:1.0.0:beta7
  Bundler 1.0.0 Beta8 cpe:2.3:a:bundler:bundler:1.0.0:beta8
  Bundler 1.0.0 Beta9 cpe:2.3:a:bundler:bundler:1.0.0:beta9
  Bundler 1.0.0 Rc1 cpe:2.3:a:bundler:bundler:1.0.0:rc1
  Bundler 1.0.0 Rc2 cpe:2.3:a:bundler:bundler:1.0.0:rc2
  Bundler 1.0.0 Rc3 cpe:2.3:a:bundler:bundler:1.0.0:rc3
  Bundler 1.0.0 Rc4 cpe:2.3:a:bundler:bundler:1.0.0:rc4
  Bundler 1.0.0 Rc5 cpe:2.3:a:bundler:bundler:1.0.0:rc5
  Bundler 1.0.0 Rc6 cpe:2.3:a:bundler:bundler:1.0.0:rc6
  Bundler 1.0.1 cpe:2.3:a:bundler:bundler:1.0.1
  Bundler 1.0.2 cpe:2.3:a:bundler:bundler:1.0.2
  Bundler 1.0.3 cpe:2.3:a:bundler:bundler:1.0.3
  Bundler 1.0.4 cpe:2.3:a:bundler:bundler:1.0.4
  Bundler 1.0.5 cpe:2.3:a:bundler:bundler:1.0.5
  Bundler 1.0.6 cpe:2.3:a:bundler:bundler:1.0.6
  Bundler 1.0.7 cpe:2.3:a:bundler:bundler:1.0.7
  Bundler 1.0.8 cpe:2.3:a:bundler:bundler:1.0.8
  Bundler 1.0.9 cpe:2.3:a:bundler:bundler:1.0.9
  Bundler 1.0.10 cpe:2.3:a:bundler:bundler:1.0.10
  Bundler 1.0.11 cpe:2.3:a:bundler:bundler:1.0.11
  Bundler 1.0.12 cpe:2.3:a:bundler:bundler:1.0.12
  Bundler 1.0.13 cpe:2.3:a:bundler:bundler:1.0.13
  Bundler 1.0.14 cpe:2.3:a:bundler:bundler:1.0.14
  Bundler 1.0.15 cpe:2.3:a:bundler:bundler:1.0.15
  Bundler 1.0.16 cpe:2.3:a:bundler:bundler:1.0.16
  Bundler 1.0.17 cpe:2.3:a:bundler:bundler:1.0.17
  Bundler 1.0.18 cpe:2.3:a:bundler:bundler:1.0.18
  Bundler 1.0.19 Rc cpe:2.3:a:bundler:bundler:1.0.19:rc
  Bundler 1.0.20 cpe:2.3:a:bundler:bundler:1.0.20
  Bundler 1.0.20 Rc cpe:2.3:a:bundler:bundler:1.0.20:rc
  Bundler 1.0.21 cpe:2.3:a:bundler:bundler:1.0.21
  Bundler 1.0.21 Rc cpe:2.3:a:bundler:bundler:1.0.21:rc
  Bundler 1.1 Pre cpe:2.3:a:bundler:bundler:1.1:pre
  Bundler 1.1 Pre1 cpe:2.3:a:bundler:bundler:1.1:pre1
  Bundler 1.1 Pre10 cpe:2.3:a:bundler:bundler:1.1:pre10
  Bundler 1.1 Pre2 cpe:2.3:a:bundler:bundler:1.1:pre2
  Bundler 1.1 Pre3 cpe:2.3:a:bundler:bundler:1.1:pre3
  Bundler 1.1 Pre4 cpe:2.3:a:bundler:bundler:1.1:pre4
  Bundler 1.1 Pre5 cpe:2.3:a:bundler:bundler:1.1:pre5
  Bundler 1.1 Pre6 cpe:2.3:a:bundler:bundler:1.1:pre6
  Bundler 1.1 Pre7 cpe:2.3:a:bundler:bundler:1.1:pre7
  Bundler 1.1 Pre8 cpe:2.3:a:bundler:bundler:1.1:pre8
  Bundler 1.1 Pre9 cpe:2.3:a:bundler:bundler:1.1:pre9
  Bundler 1.1 Rc cpe:2.3:a:bundler:bundler:1.1:rc
  Bundler 1.1 Rc2 cpe:2.3:a:bundler:bundler:1.1:rc2
  Bundler 1.1 Rc3 cpe:2.3:a:bundler:bundler:1.1:rc3
  Bundler 1.1 Rc4 cpe:2.3:a:bundler:bundler:1.1:rc4
  Bundler 1.1 Rc5 cpe:2.3:a:bundler:bundler:1.1:rc5
  Bundler 1.1 Rc6 cpe:2.3:a:bundler:bundler:1.1:rc6
  Bundler 1.1 Rc7 cpe:2.3:a:bundler:bundler:1.1:rc7
  Bundler 1.1 Rc8 cpe:2.3:a:bundler:bundler:1.1:rc8
  Bundler 1.1.0 cpe:2.3:a:bundler:bundler:1.1.0
  Bundler 1.1.1 cpe:2.3:a:bundler:bundler:1.1.1
  Bundler 1.1.2 cpe:2.3:a:bundler:bundler:1.1.2
  Bundler 1.1.3 cpe:2.3:a:bundler:bundler:1.1.3
  Bundler 1.1.4 cpe:2.3:a:bundler:bundler:1.1.4
  Bundler 1.1.5 cpe:2.3:a:bundler:bundler:1.1.5
  Bundler 1.2.0 cpe:2.3:a:bundler:bundler:1.2.0
  Bundler 1.2.0 Pre cpe:2.3:a:bundler:bundler:1.2.0:pre
  Bundler 1.2.0 Pre1 cpe:2.3:a:bundler:bundler:1.2.0:pre1
  Bundler 1.2.0 Rc cpe:2.3:a:bundler:bundler:1.2.0:rc
  Bundler 1.2.0 Rc2 cpe:2.3:a:bundler:bundler:1.2.0:rc2
  Bundler 1.2.1 cpe:2.3:a:bundler:bundler:1.2.1
  Bundler 1.2.2 cpe:2.3:a:bundler:bundler:1.2.2
  Bundler 1.2.3 cpe:2.3:a:bundler:bundler:1.2.3
  Bundler 1.2.4 cpe:2.3:a:bundler:bundler:1.2.4
  Bundler 1.2.5 cpe:2.3:a:bundler:bundler:1.2.5
  Bundler 1.3.0 cpe:2.3:a:bundler:bundler:1.3.0
  Bundler 1.3.0 Pre cpe:2.3:a:bundler:bundler:1.3.0:pre
  Bundler 1.3.0 Pre2 cpe:2.3:a:bundler:bundler:1.3.0:pre2
  Bundler 1.3.0 Pre3 cpe:2.3:a:bundler:bundler:1.3.0:pre3
  Bundler 1.3.0 Pre4 cpe:2.3:a:bundler:bundler:1.3.0:pre4
  Bundler 1.3.0 Pre5 cpe:2.3:a:bundler:bundler:1.3.0:pre5
  Bundler 1.3.0 Pre6 cpe:2.3:a:bundler:bundler:1.3.0:pre6
  Bundler 1.3.0 Pre7 cpe:2.3:a:bundler:bundler:1.3.0:pre7
  Bundler 1.3.0 Pre8 cpe:2.3:a:bundler:bundler:1.3.0:pre8
  Bundler 1.3.1 cpe:2.3:a:bundler:bundler:1.3.1
  Bundler 1.3.2 cpe:2.3:a:bundler:bundler:1.3.2
  Bundler 1.3.3 cpe:2.3:a:bundler:bundler:1.3.3
  Bundler 1.3.4 cpe:2.3:a:bundler:bundler:1.3.4
  Bundler 1.3.5 cpe:2.3:a:bundler:bundler:1.3.5
  Bundler 1.3.6 cpe:2.3:a:bundler:bundler:1.3.6
  Bundler 1.4.0 Pre1 cpe:2.3:a:bundler:bundler:1.4.0:pre1
  Bundler 1.4.0 Rc1 cpe:2.3:a:bundler:bundler:1.4.0:rc1
  Bundler 1.5.0 cpe:2.3:a:bundler:bundler:1.5.0
  Bundler 1.5.0 Rc1 cpe:2.3:a:bundler:bundler:1.5.0:rc1
  Bundler 1.5.0 Rc2 cpe:2.3:a:bundler:bundler:1.5.0:rc2
  Bundler 1.5.1 cpe:2.3:a:bundler:bundler:1.5.1
  Bundler 1.5.2 cpe:2.3:a:bundler:bundler:1.5.2
  Bundler 1.5.3 cpe:2.3:a:bundler:bundler:1.5.3
  Bundler 1.6.0 cpe:2.3:a:bundler:bundler:1.6.0
  Bundler 1.6.1 cpe:2.3:a:bundler:bundler:1.6.1
  Bundler 1.6.2 cpe:2.3:a:bundler:bundler:1.6.2
  Bundler 1.6.3 cpe:2.3:a:bundler:bundler:1.6.3
  Bundler 1.6.4 cpe:2.3:a:bundler:bundler:1.6.4
  Bundler 1.6.5 cpe:2.3:a:bundler:bundler:1.6.5
  Bundler 1.6.6 cpe:2.3:a:bundler:bundler:1.6.6
  Bundler 1.6.7 cpe:2.3:a:bundler:bundler:1.6.7
  Bundler 1.7.0 cpe:2.3:a:bundler:bundler:1.7.0
  Bundler 1.7.1 cpe:2.3:a:bundler:bundler:1.7.1
  Bundler 1.7.2 cpe:2.3:a:bundler:bundler:1.7.2
  Bundler 1.7.3 cpe:2.3:a:bundler:bundler:1.7.3
  Bundler 1.7.4 cpe:2.3:a:bundler:bundler:1.7.4
  Bundler 1.7.5 cpe:2.3:a:bundler:bundler:1.7.5
  Bundler 1.7.6 cpe:2.3:a:bundler:bundler:1.7.6
  Bundler 1.7.7 cpe:2.3:a:bundler:bundler:1.7.7
  Bundler 1.7.8 cpe:2.3:a:bundler:bundler:1.7.8
  Bundler 1.7.9 cpe:2.3:a:bundler:bundler:1.7.9
  Bundler 1.7.10 cpe:2.3:a:bundler:bundler:1.7.10
  Bundler 1.7.11 cpe:2.3:a:bundler:bundler:1.7.11
  Bundler 1.7.12 cpe:2.3:a:bundler:bundler:1.7.12
  Bundler 1.7.13 cpe:2.3:a:bundler:bundler:1.7.13
  Bundler 1.7.14 cpe:2.3:a:bundler:bundler:1.7.14
  Bundler 1.7.15 cpe:2.3:a:bundler:bundler:1.7.15
  Bundler 1.8.0 cpe:2.3:a:bundler:bundler:1.8.0
  Bundler 1.8.0 Pre cpe:2.3:a:bundler:bundler:1.8.0:pre
  Bundler 1.8.0 Rc cpe:2.3:a:bundler:bundler:1.8.0:rc
  Bundler 1.8.1 cpe:2.3:a:bundler:bundler:1.8.1
  Bundler 1.8.2 cpe:2.3:a:bundler:bundler:1.8.2
  Bundler 1.8.3 cpe:2.3:a:bundler:bundler:1.8.3
  Bundler 1.8.4 cpe:2.3:a:bundler:bundler:1.8.4
  Bundler 1.8.5 cpe:2.3:a:bundler:bundler:1.8.5
  Bundler 1.8.6 cpe:2.3:a:bundler:bundler:1.8.6
  Bundler 1.8.7 cpe:2.3:a:bundler:bundler:1.8.7
  Bundler 1.8.8 cpe:2.3:a:bundler:bundler:1.8.8
  Bundler 1.8.9 cpe:2.3:a:bundler:bundler:1.8.9
  Bundler 1.9.0 cpe:2.3:a:bundler:bundler:1.9.0
  Bundler 1.9.0 Pre cpe:2.3:a:bundler:bundler:1.9.0:pre
  Bundler 1.9.0 Pre1 cpe:2.3:a:bundler:bundler:1.9.0:pre1
  Bundler 1.9.0 Rc cpe:2.3:a:bundler:bundler:1.9.0:rc
  Bundler 1.9.1 cpe:2.3:a:bundler:bundler:1.9.1
  Bundler 1.9.2 cpe:2.3:a:bundler:bundler:1.9.2
  Bundler 1.9.3 cpe:2.3:a:bundler:bundler:1.9.3
  Bundler 1.9.4 cpe:2.3:a:bundler:bundler:1.9.4
  Bundler 1.9.5 cpe:2.3:a:bundler:bundler:1.9.5
  Bundler 1.9.6 cpe:2.3:a:bundler:bundler:1.9.6
  Bundler 1.9.7 cpe:2.3:a:bundler:bundler:1.9.7
  Bundler 1.9.8 cpe:2.3:a:bundler:bundler:1.9.8
  Bundler 1.9.9 cpe:2.3:a:bundler:bundler:1.9.9
  Bundler 1.9.10 cpe:2.3:a:bundler:bundler:1.9.10
  Bundler 1.10.0 cpe:2.3:a:bundler:bundler:1.10.0
  Bundler 1.10.0 Pre cpe:2.3:a:bundler:bundler:1.10.0:pre
  Bundler 1.10.0 Pre1 cpe:2.3:a:bundler:bundler:1.10.0:pre1
  Bundler 1.10.0 Pre2 cpe:2.3:a:bundler:bundler:1.10.0:pre2
  Bundler 1.10.0 Rc cpe:2.3:a:bundler:bundler:1.10.0:rc
  Bundler 1.10.1 cpe:2.3:a:bundler:bundler:1.10.1
  Bundler 1.10.2 cpe:2.3:a:bundler:bundler:1.10.2
  Bundler 1.10.3 cpe:2.3:a:bundler:bundler:1.10.3
  Bundler 1.10.4 cpe:2.3:a:bundler:bundler:1.10.4
  Bundler 1.10.5 cpe:2.3:a:bundler:bundler:1.10.5
  Bundler 1.10.6 cpe:2.3:a:bundler:bundler:1.10.6
  Bundler 1.11.0 cpe:2.3:a:bundler:bundler:1.11.0
  Bundler 1.11.0 Pre1 cpe:2.3:a:bundler:bundler:1.11.0:pre1
  Bundler 1.11.0 Pre2 cpe:2.3:a:bundler:bundler:1.11.0:pre2
  Bundler 1.11.1 cpe:2.3:a:bundler:bundler:1.11.1
  Bundler 1.11.2 cpe:2.3:a:bundler:bundler:1.11.2
  Bundler 1.12.0 cpe:2.3:a:bundler:bundler:1.12.0
  Bundler 1.12.0 Pre1 cpe:2.3:a:bundler:bundler:1.12.0:pre1
  Bundler 1.12.0 Pre2 cpe:2.3:a:bundler:bundler:1.12.0:pre2
  Bundler 1.12.0 Rc cpe:2.3:a:bundler:bundler:1.12.0:rc
  Bundler 1.12.0 Rc2 cpe:2.3:a:bundler:bundler:1.12.0:rc2
  Bundler 1.12.0 Rc3 cpe:2.3:a:bundler:bundler:1.12.0:rc3
  Bundler 1.12.0 Rc4 cpe:2.3:a:bundler:bundler:1.12.0:rc4
  Bundler 1.12.1 cpe:2.3:a:bundler:bundler:1.12.1
  Bundler 1.12.2 cpe:2.3:a:bundler:bundler:1.12.2
  Bundler 1.12.3 cpe:2.3:a:bundler:bundler:1.12.3
  Bundler 1.12.4 cpe:2.3:a:bundler:bundler:1.12.4
  Bundler 1.12.5 cpe:2.3:a:bundler:bundler:1.12.5
  Bundler 1.12.6 cpe:2.3:a:bundler:bundler:1.12.6
  Bundler 1.13.0 cpe:2.3:a:bundler:bundler:1.13.0
  Bundler 1.13.0 Pre1 cpe:2.3:a:bundler:bundler:1.13.0:pre1
  Bundler 1.13.0 Rc1 cpe:2.3:a:bundler:bundler:1.13.0:rc1
  Bundler 1.13.0 Rc2 cpe:2.3:a:bundler:bundler:1.13.0:rc2
  Bundler 1.13.1 cpe:2.3:a:bundler:bundler:1.13.1
  Bundler 1.13.2 cpe:2.3:a:bundler:bundler:1.13.2
  Bundler 1.13.3 cpe:2.3:a:bundler:bundler:1.13.3
  Bundler 1.13.4 cpe:2.3:a:bundler:bundler:1.13.4
  Bundler 1.13.5 cpe:2.3:a:bundler:bundler:1.13.5
  Bundler 1.13.6 cpe:2.3:a:bundler:bundler:1.13.6