[FREEBSD:2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206] rubygems -- deserialization vulnerability

Severity Critical
Affected Packages 1
CVEs 1

oss-security mailing list:

  There is a possible unsafe object deserialization vulnerability in
    RubyGems. It is possible for YAML deserialization of gem specifications
    to bypass class white lists. Specially crafted serialized objects can
    possibly be used to escalate to remote code execution.
Package Affected Version
pkg:freebsd/ruby22-gems < 2.6.14
ID
FREEBSD:2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206
Severity
critical
Severity from
CVE-2017-0903
URL
http://vuxml.freebsd.org/freebsd/2c8bd00d-ada2-11e7-82af-8dbff7d75206.html
Published
2017-10-09T00:00:00
Modified
2017-10-10T00:00:00
Rights
FreeBSD VuXML Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/ruby22-gems ruby22-gems < 2.6.14