CVE-2019-8322 – rubygems-update
Package
Manager: gem
Name: rubygems-update
Vulnerable Version: >=2.6.0 <2.7.9 || >=3.0.0 <3.0.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00254 (percentile 0.48598)
Details
RubyGems escape sequence injection vulnerability in gem owner
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
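The output problem described above, as an added Ruby example that is not RubyGems' own code: API response text printed as-is next to a version that neutralises terminal control characters first. The response shape (a JSON array of objects with an `email` field), the `- ` line format, the helper names and the sample data are assumptions constructed for illustration.

```ruby
require "json"

# Constructed sample response (not captured from a real server). The second
# record carries ESC sequences and a carriage return inside the email field.
SAMPLE_RESPONSE = <<~'BODY'
  [
    {"id": 1, "email": "alice@example.com"},
    {"id": 2, "email": "mallory@example.com\u001b[2K\u001b[1A\rspoofed line"}
  ]
BODY

# Hypothetical helper: replace every Unicode control character (C0 including
# ESC 0x1b, DEL, and the C1 range) with "." so untrusted text cannot drive
# the terminal. Invalid byte sequences are scrubbed first.
def sanitize_terminal_text(text)
  text.to_s.scrub(".").gsub(/\p{Cc}/, ".")
end

# Behaviour the advisory describes: response fields go to output unchanged.
def raw_owner_lines(body)
  JSON.parse(body).map { |owner| "- #{owner["email"]}" }
end

# Hardened form: every field taken from the response is sanitised before it
# is formatted for display.
def safe_owner_lines(body)
  JSON.parse(body).map { |owner| "- #{sanitize_terminal_text(owner["email"])}" }
end

if __FILE__ == $PROGRAM_NAME
  # Inspect the raw lines with #inspect so the demo itself never writes
  # control characters to the terminal.
  raw_owner_lines(SAMPLE_RESPONSE).each { |line| puts "raw:  #{line.inspect}" }
  safe_owner_lines(SAMPLE_RESPONSE).each { |line| puts "safe: #{line}" }
end
```

The same filter applies to any other server-supplied string a CLI prints, such as error messages or handles.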
Metadata
Created: 2019-06-20T16:06:00Z
Modified: 2023-08-28T13:22:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-mh37-8c3g-3fgc/GHSA-mh37-8c3g-3fgc.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-mh37-8c3g-3fgc
Finding: F184
Auto approve: 1