An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

hackerone.com/reports/317330

lists.debian.org/debian-lts-announce/2020/08/msg00027.html

openvas 14

alpinelinux 1

nvd 1

cve 1

redhatcve 1

osv 6

nessus 18

veracode 1

github 1

prion 1

debiancve 1

ubuntucve 1

centos 1

oraclelinux 2

rocky 1

redhat 5

fedora 2

debian 3

cloudfoundry 1

amazon 1

freebsd 1

ubuntu 1

mageia 2

ibm 1

suse 1

openvas

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1932)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1895)

2020-01-23 00:00:00

Debian: Security Advisory (DSA-4433-1)

2019-04-18 00:00:00

alpinelinux

CVE-2019-8321

2019-06-17 20:15:10

nvd

CVE-2019-8321

2019-06-17 20:15:10

cve

CVE-2019-8321

2019-06-17 20:15:10

redhatcve

CVE-2019-8321

2020-04-01 20:04:09

osv

RubyGems Escape sequence injection vulnerability in verbose

2019-06-20 16:06:04

CVE-2019-8321

2019-06-17 20:15:10

ruby:2.5 bug fix and enhancement update

2019-11-05 17:38:32

nessus

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1895)

2019-09-16 00:00:00

EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1932)

2019-09-17 00:00:00

Amazon Linux AMI : ruby20 / ruby21, ruby24 (ALAS-2019-1255)

2019-08-13 00:00:00

veracode

Escape Sequence Injection

2019-05-16 04:01:21

github

RubyGems Escape sequence injection vulnerability in verbose

2019-06-20 16:06:04

prion

Design/Logic Flaw

2019-06-17 20:15:00

debiancve

CVE-2019-8321

2019-06-17 20:15:10

ubuntucve

CVE-2019-8321

2019-03-27 00:00:00

centos

ruby, rubygem, rubygems security update

2019-05-21 21:25:00

oraclelinux

ruby security update

2019-05-16 00:00:00

ruby security update

2019-08-13 00:00:00

rocky

2.5 bug fix and enhancement update

2019-11-05 17:38:32

redhat

(RHSA-2019:1235) Important: ruby security update

2019-05-15 17:11:12

(RHSA-2019:1150) Important: rh-ruby24-ruby security, bug fix, and enhancement update

2019-05-13 09:00:24

(RHSA-2019:1429) Important: CloudForms 4.7.5 security, bug fix and enhancement update

2019-06-11 05:28:05

fedora

[SECURITY] Fedora 28 Update: ruby-2.5.5-108.fc28

2019-05-10 01:35:27

[SECURITY] Fedora 29 Update: ruby-2.5.5-101.fc29

2019-05-03 03:43:05

debian

[SECURITY] [DSA 4433-1] ruby2.3 security update

2019-04-16 20:57:32

[SECURITY] [DLA 2330-1] jruby security update

2020-08-16 13:13:28

[SECURITY] [DLA 1796-1] jruby security update

2019-05-20 11:07:17

cloudfoundry

USN-3945-1: Ruby vulnerabilities | Cloud Foundry

2019-04-12 00:00:00

amazon

Important: ruby20, ruby21, ruby24

2019-08-07 22:58:00

freebsd

RubyGems -- multiple vulnerabilities

2019-03-05 00:00:00

ubuntu

Ruby vulnerabilities

2019-04-11 00:00:00

mageia

Updated jruby packages fix security vulnerabilities

2020-11-27 23:14:57

Updated ruby-RubyGems packages fix security vulnerability

2020-06-11 00:39:20

ibm

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z

2019-07-15 22:35:01

suse

Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)

2019-07-21 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.3%

JSON

Related for CVELIST:CVE-2019-8321