[USN-4870-1] Bundler vulnerability

Severity: High
Affected Packages: 2
CVEs: 1

Bundler could be made to crash or run malicious programs.

It was discovered that Bundler incorrectly created directories with
insecure permissions in /tmp. An attacker could write malicious libraries
to this location for later execution.

Package                                     Affected Version
pkg:deb/ubuntu/ruby-bundler?distro=bionic   < 1.16.1-1ubuntu0.1~esm1
pkg:deb/ubuntu/bundler?distro=bionic        < 1.16.1-1ubuntu0.1~esm1

Type      Package URL                                 Namespace  Name / Product  Version                    Distribution / Platform  Arch  Patch / Fix
Affected  pkg:deb/ubuntu/ruby-bundler?distro=bionic   ubuntu     ruby-bundler    < 1.16.1-1ubuntu0.1~esm1   bionic
Affected  pkg:deb/ubuntu/bundler?distro=bionic        ubuntu     bundler         < 1.16.1-1ubuntu0.1~esm1   bionic