An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

hackerone.com/reports/315087

lists.debian.org/debian-lts-announce/2020/08/msg00027.html

ubuntucve 1

osv 7

prion 1

nvd 1

veracode 1

alpinelinux 1

debiancve 1

github 1

redhatcve 1

cve 1

nessus 28

f5 1

openvas 16

amazon 2

rocky 1

oraclelinux 2

centos 1

debian 4

redhat 5

fedora 2

cloudfoundry 1

freebsd 1

ubuntu 1

mageia 2

ibm 1

suse 1

ubuntucve

CVE-2019-8322

2019-03-27 00:00:00

osv

RubyGems Escape sequence injection vulnerability in gem owner

2019-06-20 16:06:00

CVE-2019-8322

2019-06-17 20:15:10

ruby2.1 - security update

2019-03-29 00:00:00

prion

Design/Logic Flaw

2019-06-17 20:15:00

nvd

CVE-2019-8322

2019-06-17 20:15:10

veracode

Escape Sequence Injection

2019-05-16 03:48:47

alpinelinux

CVE-2019-8322

2019-06-17 20:15:10

debiancve

CVE-2019-8322

2019-06-17 20:15:10

github

RubyGems Escape sequence injection vulnerability in gem owner

2019-06-20 16:06:00

redhatcve

CVE-2019-8322

2020-04-02 08:32:54

cve

CVE-2019-8322

2019-06-17 20:15:10

nessus

NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0084)

2019-08-12 00:00:00

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1597)

2019-05-29 00:00:00

Scientific Linux Security Update : ruby on SL7.x x86_64 (20190515)

2019-05-16 00:00:00

K81674333 : Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325

2022-10-20 00:00:00

openvas

CentOS Update for ruby CESA-2019:1235 centos7

2019-05-22 00:00:00

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1597)

2020-01-23 00:00:00

Debian: Security Advisory (DLA-1735-1)

2019-04-02 00:00:00

amazon

Important: ruby

2019-07-18 18:14:00

Important: ruby20, ruby21, ruby24

2019-08-07 22:58:00

rocky

2.5 bug fix and enhancement update

2019-11-05 17:38:32

oraclelinux

ruby security update

2019-05-16 00:00:00

ruby security update

2019-08-13 00:00:00

centos

ruby, rubygem, rubygems security update

2019-05-21 21:25:00

debian

[SECURITY] [DLA 1735-1] ruby2.1 security update

2019-03-29 08:53:04

[SECURITY] [DSA 4433-1] ruby2.3 security update

2019-04-16 20:57:32

[SECURITY] [DLA 2330-1] jruby security update

2020-08-16 13:13:11

redhat

(RHSA-2019:1235) Important: ruby security update

2019-05-15 17:11:12

(RHSA-2019:1150) Important: rh-ruby24-ruby security, bug fix, and enhancement update

2019-05-13 09:00:24

(RHSA-2019:1429) Important: CloudForms 4.7.5 security, bug fix and enhancement update

2019-06-11 05:28:05

fedora

[SECURITY] Fedora 28 Update: ruby-2.5.5-108.fc28

2019-05-10 01:35:27

[SECURITY] Fedora 29 Update: ruby-2.5.5-101.fc29

2019-05-03 03:43:05

cloudfoundry

USN-3945-1: Ruby vulnerabilities | Cloud Foundry

2019-04-12 00:00:00

freebsd

RubyGems -- multiple vulnerabilities

2019-03-05 00:00:00

ubuntu

Ruby vulnerabilities

2019-04-11 00:00:00

mageia

Updated jruby packages fix security vulnerabilities

2020-11-27 23:14:57

Updated ruby-RubyGems packages fix security vulnerability

2020-06-11 00:39:20

ibm

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z

2019-07-15 22:35:01

suse

Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)

2019-07-21 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVELIST:CVE-2019-8322