[FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F] RubyGems -- multiple vulnerabilities
Severity: High
Affected Packages: 1
CVEs: 6
RubyGems Security Advisories:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in 'verbose'
CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner'
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Package | Affected Version |
---|---|
pkg:freebsd/ruby23-gems | < 3.0.2 |
- ID: FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F
- Severity: high
- Severity from: CVE-2019-8324
- URL: http://vuxml.freebsd.org/freebsd/27b12d04-4722-11e9-8b7c-b5e01141761f.html
- Published: 2019-03-05T00:00:00 (5 years ago)
- Modified: 2019-03-15T00:00:00 (5 years ago)
- Rights: FreeBSD VuXML Security Team
- Other Advisories:
- ALAS-2019-1255
- ALAS2-2019-1249
- ALBA-2019:3384
- ALPINE:CVE-2019-8320
- ALPINE:CVE-2019-8321
- ALPINE:CVE-2019-8322
- ALPINE:CVE-2019-8323
- ALPINE:CVE-2019-8324
- ALPINE:CVE-2019-8325
- ALSA-2019:1972
- DSA-4433-1
- ELSA-2019-1235
- ELSA-2019-1972
- FEDORA-2019-a155364f3c
- FEDORA-2019-feac6674b7
- openSUSE-SU-2019:1771-1
- RHBA-2019:3384
- RHSA-2019:1235
- RHSA-2019:1972
- RLBA-2019:3384
- RLSA-2019:1972
- RUBYSEC:RUBYGEMS-UPDATE-2019-8320
- RUBYSEC:RUBYGEMS-UPDATE-2019-8321
- RUBYSEC:RUBYGEMS-UPDATE-2019-8322
- RUBYSEC:RUBYGEMS-UPDATE-2019-8323
- RUBYSEC:RUBYGEMS-UPDATE-2019-8324
- RUBYSEC:RUBYGEMS-UPDATE-2019-8325
- SUSE-SU-2019:1804-1
- SUSE-SU-2020:1570-1
- USN-3945-1
Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html |
FreeBSD VuXML | | | https://github.com/rubygems/rubygems/blob/master/History.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/ruby23-gems | | ruby23-gems | < 3.0.2 | | | |