[RUBYSEC:RUBYGEMS-UPDATE-2019-8321] Escape sequence injection vulnerability in verbose

Severity: High
Affected Packages: 2
Unaffected Packages: 1
Fixed Packages: 2
CVEs: 1

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since
Gem::UserInteraction#verbose calls say without escaping, escape sequence
injection is possible.

Package | Affected Version
pkg:gem/rubygems-update | < 3.0.3
pkg:gem/rubygems-update | = 2.6

Package | Unaffected Version
pkg:gem/rubygems-update | < 2.6

Package | Fixed Version
pkg:gem/rubygems-update | >= 3.0.3
pkg:gem/rubygems-update | = 2.7.9

Source # ID Name URL
Security Advisory GHSA-fr32-gr5c-xq5c https://github.com/advisories/GHSA-fr32-gr5c-xq5c

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Fixed | pkg:gem/rubygems-update | | rubygems-update | >= 3.0.3 | | |
Affected | pkg:gem/rubygems-update | | rubygems-update | < 3.0.3 | | |
Fixed | pkg:gem/rubygems-update | | rubygems-update | = 2.7.9 | | |
Unaffected | pkg:gem/rubygems-update | | rubygems-update | < 2.6 | | |
Affected | pkg:gem/rubygems-update | | rubygems-update | = 2.6 | | |