[RUBYSEC:RUBYGEMS-UPDATE-2019-8322] Escape sequence injection vulnerability in gem owner

Severity High
Affected Packages 2
Unaffected Packages 1
Fixed Packages 2
CVEs 1

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem
owner command outputs the contents of the API response directly to stdout.
Therefore, if the response is crafted, escape sequence injection may occur.

| Package | Affected Version |
|---|---|
| pkg:gem/rubygems-update | < 3.0.3 |
| pkg:gem/rubygems-update | = 2.6 |

| Package | Unaffected Version |
|---|---|
| pkg:gem/rubygems-update | < 2.6 |

| Package | Fixed Version |
|---|---|
| pkg:gem/rubygems-update | = 2.7.9 |
| pkg:gem/rubygems-update | >= 3.0.3 |

| Source | ID | URL |
|---|---|---|
| Security Advisory | GHSA-mh37-8c3g-3fgc | https://github.com/advisories/GHSA-mh37-8c3g-3fgc |

| Type | Package URL | Name / Product | Version |
|---|---|---|---|
| Fixed | pkg:gem/rubygems-update | rubygems-update | = 2.7.9 |
| Fixed | pkg:gem/rubygems-update | rubygems-update | >= 3.0.3 |
| Affected | pkg:gem/rubygems-update | rubygems-update | < 3.0.3 |
| Unaffected | pkg:gem/rubygems-update | rubygems-update | < 2.6 |
| Affected | pkg:gem/rubygems-update | rubygems-update | = 2.6 |