[RUBYSEC:RUBYGEMS-UPDATE-2019-8322] Escape sequence injection vulnerability in gem owner
- Severity: High
- Affected Packages: 2
- Unaffected Packages: 1
- Fixed Packages: 2
- CVEs: 1
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem
owner command outputs the contents of the API response directly to stdout.
Therefore, if the response is crafted, escape sequence injection may occur.
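
The class of fix for this bug is to neutralise control characters in server-supplied fields before they reach the terminal. The following is an added example, not RubyGems code: the JSON response shape, the sample body and the function names are assumptions made for illustration.

```ruby
require "json"

# C0 controls (incl. ESC, CR, LF, TAB), DEL, and C1 controls (incl. 8-bit CSI U+009B).
# Owner fields are single-line values, so newlines and tabs are escaped as well.
CONTROL_CHARS = /[\u0000-\u001F\u007F-\u009F]/

# Render untrusted text so the terminal never interprets it:
# invalid bytes become "?", control characters become a visible \xNN form.
def clean_text(text)
  utf8 = text.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
  utf8.gsub(CONTROL_CHARS) { |c| format("\\x%02X", c.ord) }
end

# Pattern described in the advisory: response fields go to stdout as-is.
def owner_lines_unsafe(body)
  JSON.parse(body).map { |owner| "- #{owner['email']}" }
end

# Hardened variant: every field is cleaned before it is formatted for output.
def owner_lines_safe(body)
  JSON.parse(body).map { |owner| "- #{clean_text(owner['email'])}" }
end

# Constructed sample response (hypothetical shape). The second entry carries
# an ESC-based colour sequence and a carriage return inside the email field.
SAMPLE_BODY = '[{"email":"alice@example.test"},' \
              '{"email":"mallory@example.test\u001b[31m\rbob@example.test"}]'

if __FILE__ == $PROGRAM_NAME
  # Only the cleaned lines are printed; the raw ones are inspected, not emitted.
  puts owner_lines_safe(SAMPLE_BODY)
  raw = owner_lines_unsafe(SAMPLE_BODY)
  flagged = raw.count { |line| line.match?(CONTROL_CHARS) }
  warn "#{flagged} of #{raw.size} raw lines contained control characters"
end
```

Escaping to a visible `\xNN` form rather than deleting the characters keeps evidence of a tampered response in the operator's scrollback and logs.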
Package | Affected Version |
---|---|
pkg:gem/rubygems-update | < 3.0.3 |
pkg:gem/rubygems-update | = 2.6 |
Package | Unaffected Version |
---|---|
pkg:gem/rubygems-update | < 2.6 |
Package | Fixed Version |
---|---|
pkg:gem/rubygems-update | = 2.7.9 |
pkg:gem/rubygems-update | >= 3.0.3 |
- ID: RUBYSEC:RUBYGEMS-UPDATE-2019-8322
- Severity: high
- URL: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
- Published: 2019-03-05T00:00:00 (5 years ago)
- Modified: 2023-08-29T15:11:56 (12 months ago)
- Rights: RubySec Security Team
- Other Advisories:
  - ALAS-2019-1255
  - ALAS2-2019-1249
  - ALBA-2019:3384
  - ALPINE:CVE-2019-8322
  - DSA-4433-1
  - ELSA-2019-1235
  - FEDORA-2019-a155364f3c
  - FEDORA-2019-feac6674b7
  - FREEBSD:27B12D04-4722-11E9-8B7C-B5E01141761F
  - openSUSE-SU-2019:1771-1
  - RHBA-2019:3384
  - RHSA-2019:1235
  - RLBA-2019:3384
  - SUSE-SU-2019:1804-1
  - SUSE-SU-2020:1570-1
  - USN-3945-1
Source | ID | Name | URL |
---|---|---|---|
Security Advisory | GHSA-mh37-8c3g-3fgc | | https://github.com/advisories/GHSA-mh37-8c3g-3fgc |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:gem/rubygems-update | | rubygems-update | = 2.7.9 | | | |
Fixed | pkg:gem/rubygems-update | | rubygems-update | >= 3.0.3 | | | |
Affected | pkg:gem/rubygems-update | | rubygems-update | < 3.0.3 | | | |
Unaffected | pkg:gem/rubygems-update | | rubygems-update | < 2.6 | | | |
Affected | pkg:gem/rubygems-update | | rubygems-update | = 2.6 | | | |