rubygems -- deserialization vulnerability

ID 2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206
Type freebsd
Reporter FreeBSD
Modified 2017-10-09T00:00:00


oss-security mailing list:

There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
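As a defence-in-depth check alongside upgrading, gem specification YAML can be screened for unexpected object tags without deserializing it. The Ruby below is an added example, not code from RubyGems or the advisory; the allow list, the `unexpected_tags` helper and both sample documents are assumptions constructed for illustration.

```ruby
require "psych"

# Assumed allow list for illustration only; not RubyGems' actual list.
ALLOWED_TAGS = %w[
  !ruby/object:Gem::Specification
  !ruby/object:Gem::Version
  !ruby/object:Gem::Requirement
  !ruby/object:Gem::Dependency
].freeze

# Walk the YAML syntax tree (Psych.parse_stream builds nodes only and
# instantiates no Ruby objects) and return every explicit tag that is
# not on the allow list.
def unexpected_tags(yaml_text, allowed = ALLOWED_TAGS)
  found = []
  Psych.parse_stream(yaml_text).each do |node|
    tag = node.respond_to?(:tag) ? node.tag : nil
    next if tag.nil? || allowed.include?(tag)
    found << tag
  end
  found.uniq
end

# Constructed sample: a minimal specification using only expected tags.
CLEAN_SPEC = <<~YAML
  --- !ruby/object:Gem::Specification
  name: example
  version: !ruby/object:Gem::Version
    version: 1.0.0
  dependencies: []
YAML

# Constructed sample: the same document with one tag outside the list.
# Example::NotAllowed is a hypothetical class name.
SUSPECT_SPEC = <<~YAML
  --- !ruby/object:Gem::Specification
  name: example
  version: !ruby/object:Gem::Version
    version: 1.0.0
  extra: !ruby/object:Example::NotAllowed
    field: value
YAML

puts unexpected_tags(CLEAN_SPEC).inspect
puts unexpected_tags(SUSPECT_SPEC).inspect
```

Because the check runs on the parsed tree rather than on loaded objects, it does not depend on the loader's own class filtering, which is the control the advisory reports as bypassable.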