[FREEBSD:2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206] rubygems -- deserialization vulnerability
Severity
Critical
Affected Packages
1
CVEs
1
oss-security mailing list:
There is a possible unsafe object deserialization vulnerability in
RubyGems. It is possible for YAML deserialization of gem specifications
to bypass class white lists. Specially crafted serialized objects can
possibly be used to escalate to remote code execution.
Package | Affected Version
---|---
pkg:freebsd/ruby22-gems | < 2.6.14
- ID
- FREEBSD:2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206
- Severity
- critical
- Severity from
- CVE-2017-0903
- URL
- http://vuxml.freebsd.org/freebsd/2c8bd00d-ada2-11e7-82af-8dbff7d75206.html
- Published
- 2017-10-09T00:00:00
- Modified
- 2017-10-10T00:00:00
- Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | URL
---|---
FreeBSD VuXML | http://www.openwall.com/lists/oss-security/2017/10/10/2
FreeBSD VuXML | http://blog.rubygems.org/2017/10/09/2.6.14-released.html
Type | Package URL | Name / Product | Version
---|---|---|---
Affected | pkg:freebsd/ruby22-gems | ruby22-gems | < 2.6.14