Lucene search
RedhatCVELIST:CVE-2013-0334HistoryOct 31, 2014 - 2:00 p.m.
CVE-2013-0334
2014-10-3114:00:00
redhat
www.cve.org
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
References
bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html
lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html
lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html
lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html
lists.opensuse.org/opensuse-updates/2015-03/msg00092.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/70099
security.gentoo.org/glsa/201609-02
Related
cve
cve
CVE-2013-0334
2014-10-31 14:55:02
CVE-2016-7954
2016-12-22 22:59:00
redhat
redhat
gentoo
gentoo
Bundler: Insecure installation
2016-09-26 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: rubygem-bundler-1.7.3-1.fc19
2014-10-12 05:02:47
[SECURITY] Fedora 20 Update: rubygem-bundler-1.7.3-1.fc20
2014-10-12 05:07:22
[SECURITY] Fedora 21 Update: rubygem-bundler-1.7.3-1.fc21
2014-10-12 05:07:35
ubuntucve
ubuntucve
CVE-2013-0334
2014-10-31 00:00:00
CVE-2016-7954
2016-12-22 00:00:00
nvd
nvd
CVE-2013-0334
2014-10-31 14:55:02
CVE-2016-7954
2016-12-22 22:59:00
openvas
openvas
RedHat Update for rubygem-bundler and rubygem-thor RHSA-2015:2180-07
2015-11-20 00:00:00
Fedora Update for rubygem-bundler FEDORA-2014-11630
2014-10-13 00:00:00
Fedora Update for rubygem-bundler FEDORA-2014-11649
2014-10-13 00:00:00
nessus
nessus
CentOS 7 : rubygem-bundler / rubygem-thor (CESA-2015:2180)
2015-12-02 00:00:00
RHEL 7 : rubygem-bundler and rubygem-thor (RHSA-2015:2180)
2015-11-19 00:00:00
Fedora 19 : rubygem-bundler-1.7.3-1.fc19 (2014-11649)
2014-10-12 00:00:00
centos
centos
rubygem security update
2015-11-30 19:51:23
debiancve
debiancve
CVE-2013-0334
2014-10-31 14:55:02
CVE-2016-7954
2016-12-22 22:59:00
github
github
Bundler may install gems from a different source than expected
2022-05-05 02:48:48
Bundler allows attacker to inject arbitrary code via secondary Gem source
2022-05-14 00:57:16
oraclelinux
oraclelinux
rubygem-bundler and rubygem-thor security, bug fix, and enhancement update
2015-11-23 00:00:00
osv
osv
Bundler may install gems from a different source than expected
2022-05-05 02:48:48
Bundler allows attacker to inject arbitrary code via secondary Gem source
2022-05-14 00:57:16
prion
prion
Code injection
2014-10-31 14:55:00
Design/Logic Flaw
2016-12-22 22:59:00
rubygems
rubygems
redhatcve
redhatcve
CVE-2016-7954
2016-10-05 12:47:20
cvelist
cvelist
CVE-2016-7954
2016-12-22 22:00:00