rubygems -- deserialization vulnerability

2017-10-09T00:00:00
ID 2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206
Type freebsd
Reporter FreeBSD
Modified 2017-10-09T00:00:00

Description

oss-security mailing list:

There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
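
An added example, not taken from the advisory or from RubyGems: a pre-load audit that parses a gem specification's YAML into a syntax tree with `Psych.parse`, so no objects are instantiated, and reports every type tag outside a class allowlist. The allowlist contents, the helper name `unexpected_tags` and both sample documents are assumptions constructed for illustration.

```ruby
require "psych"
require "set"

# Assumed allowlist for illustration; not the list RubyGems itself ships.
ALLOWED_TAGS = Set[
  "!ruby/object:Gem::Specification",
  "!ruby/object:Gem::Version",
  "!ruby/object:Gem::Requirement",
  "!ruby/object:Gem::Dependency",
].freeze

# Constructed sample: a gemspec that uses only allowlisted tags.
CLEAN_SPEC = <<~YAML
  --- !ruby/object:Gem::Specification
  name: example
  version: !ruby/object:Gem::Version
    version: 1.0.0
YAML

# Constructed sample: the same gemspec carrying one tag outside the allowlist.
SUSPECT_SPEC = <<~YAML
  --- !ruby/object:Gem::Specification
  name: example
  version: !ruby/object:Gem::Version
    version: 1.0.0
  metadata: !ruby/object:Example::NotAllowed
    key: value
YAML

# Returns the distinct tags in yaml_text that are not allowlisted.
# Psych.parse builds only the node tree; it never constructs Ruby objects.
def unexpected_tags(yaml_text)
  doc = Psych.parse(yaml_text)
  return [] unless doc # an empty document parses to false

  doc.each                      # depth-first walk over every node
     .map { |node| node.tag }   # nil for untagged nodes
     .compact
     .reject { |tag| ALLOWED_TAGS.include?(tag) }
     .uniq
end

if __FILE__ == $PROGRAM_NAME
  { "clean" => CLEAN_SPEC, "suspect" => SUSPECT_SPEC }.each do |label, text|
    puts "#{label}: #{unexpected_tags(text).inspect}"
  end
end
```

This is an inspection step that can run before any loader touches the file; it is not the RubyGems fix and does not replace upgrading to a patched release.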