[FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F] RubyGems -- multiple vulnerabilities

Severity High

Affected Packages 1

CVEs 6

RubyGems Security Advisories:

  CVE-2019-8320: Delete directory using symlink when decompressing tar
  CVE-2019-8321: Escape sequence injection vulnerability in 'verbose'
  CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner'
  CVE-2019-8323: Escape sequence injection vulnerability in API response handling
  CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
  CVE-2019-8325: Escape sequence injection vulnerability in errors

Package	Affected Version
pkg:freebsd/ruby23-gems	< 3.0.2

ID

FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F

Severity

high

Severity from

CVE-2019-8324

URL

http://vuxml.freebsd.org/freebsd/27b12d04-4722-11e9-8b7c-b5e01141761f.html

Published

2019-03-05T00:00:00
(5 years ago)

Modified

2019-03-15T00:00:00
(5 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
FreeBSD VuXML			https://github.com/rubygems/rubygems/blob/master/History.txt

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/ruby23-gems		ruby23-gems	< 3.0.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date