FLAT-T749U – Vulnerability | Fluid Attacks Database

Database

Description

arbitrary command execution

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	rubygems	>=0 <3.3.5-1	3.3.5-1
rubygems	bundler	>=0 <2.2.33	2.2.33
debian 12	rubygems	>=0 <3.3.5-1	3.3.5-1
debian 11	rubygems	=3.2.5-2 \|\| >=0 <3.2.5-2+deb11u1	3.2.5-2+deb11u1
debian 13	rubygems	>=0 <3.3.5-1	3.3.5-1
alpine v3.15	ruby-bundler	=1.12.1-r0 \|\| =1.12.4-r0 \|\| =1.12.4-r1 \|\| =1.12.5-r0 \|\| =1.13.1-r0 \|\| =1.13.2-r0 \|\| =1.13.3-r0 \|\| =1.13.4-r0 \|\| =1.13.7-r0 \|\| =1.14.0-r0 \|\| =1.14.1-r0 \|\| =1.14.3-r0 \|\| =1.14.4-r0 \|\| =1.14.4-r1 \|\| =1.14.5-r0 \|\| =1.14.6-r0 \|\| =1.15.0-r0 \|\| =1.15.1-r0 \|\| =1.15.2-r0 \|\| =1.15.3-r0 \|\| =1.15.4-r0 \|\| =1.16.0-r0 \|\| =1.16.1-r0 \|\| =1.16.1-r1 \|\| =1.16.2-r0 \|\| =1.16.3-r0 \|\| =1.16.3-r1 \|\| =1.16.4-r0 \|\| =1.16.5-r0 \|\| =1.17.1-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.4-r0 \|\| =2.1.4-r1 \|\| =2.2.0-r0 \|\| =2.2.1-r0 \|\| =2.2.15-r0 \|\| =2.2.16-r0 \|\| =2.2.17-r0 \|\| =2.2.18-r0 \|\| =2.2.19-r0 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.20-r0 \|\| =2.2.21-r0 \|\| =2.2.23-r0 \|\| =2.2.24-r0 \|\| =2.2.26-r0 \|\| =2.2.27-r0 \|\| =2.2.29-r0 \|\| =2.2.30-r0 \|\| =2.2.31-r0 \|\| >=0 <2.2.33-r0	2.2.33-r0
rpm rhel7	rubygem-bundler	-	-
rpm rhel8	ruby	<0:2.5.9-114.module+el8.10.0+23088+750dc6ca	0:2.5.9-114.module+el8.10.0+23088+750dc6ca
alpm rolling_release	ruby-bundler	>=2.2.26-1	-

Aliases

1. CVE-2021-438092. NVD-2021-438093. OSV-DEBIAN-2021-438094. OSV-2021-438095. OSV-ALPINE-2021-438096. GHSA-fj7f-vq84-fh437. GCVE-2021-438098. SECURITY-TRACKER-CVE-2021-438099. lists.debian.org10. SECURITY-CVE-2021-43809

References

1. https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh432. https://github.com/rubygems/rubygems/pull/51423. https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d34. https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f5. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml6. https://www.sonarsource.com/blog/securing-developer-tools-package-managers