Lucene search

K
osvGoogleOSV:GHSA-MH37-8C3G-3FGC
HistoryJun 20, 2019 - 4:06 p.m.

RubyGems Escape sequence injection vulnerability in gem owner

2019-06-2016:06:00
Google
osv.dev
18
rubygems
escape sequence injection
api response

EPSS

0.002

Percentile

61.5%

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.