[USN-4870-1] Bundler vulnerability
Severity: High
Affected Packages: 2
CVEs: 1
Bundler could be made to crash or run malicious programs.
It was discovered that Bundler incorrectly created directories with
insecure permissions in /tmp. An attacker could write malicious libraries
to this location for later execution.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/ruby-bundler?distro=bionic | < 1.16.1-1ubuntu0.1~esm1 |
pkg:deb/ubuntu/bundler?distro=bionic | < 1.16.1-1ubuntu0.1~esm1 |
- ID: USN-4870-1
- Severity: high
- Severity from: CVE-2019-3881
- URL: https://ubuntu.com/security/notices/USN-4870-1
- Published: 2021-03-15T22:59:20
- Modified: 2021-03-15T22:59:20

Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/ruby-bundler?distro=bionic | ubuntu | ruby-bundler | < 1.16.1-1ubuntu0.1~esm1 | bionic | | |
Affected | pkg:deb/ubuntu/bundler?distro=bionic | ubuntu | bundler | < 1.16.1-1ubuntu0.1~esm1 | bionic | | |