22 matches found
MiracleLinux 7 : rubygem-bundler-1.7.8-3.el7, rubygem-thor-0.19.1-1.el7 (AXSA:2015-789:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-789:01 advisory. rubygem-bundler: Bundler manages an application's dependencies through its entire life, across many machines, systematically and repeatably. rubygem-thor: Thor i...
SUSE CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
Bundler allows attacker to inject arbitrary code via secondary Gem source
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
Mageia: Security Advisory (MGASA-2013-0334)
The remote host is missing an update for the...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
Design/Logic Flaw
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
CVE-2016-7954 affects Bundler 1.x, where a gem name collision on a secondary source can enable remote code execution in a Ruby application. The issue arises from multiple top-level source lines allowing a malicious gem with the same name as a legitimate gem to be pulled from a different source, a...
CVE-2016-7954
Removed by vendor...
Scientific Linux Security Update : rubygem-bundler and rubygem-thor on SL7.x (noarch) (20151119)
A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access to one of the sources could create a malicious gem with the same name, which they could then use to trick a user into installing, potentially resulting in execution of code from the...
rubygem security update
CentOS Errata and Security Advisory CESA-2015:2180 Updated rubygem-bundler and rubygem-thor packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security...
Oracle: Security Advisory (ELSA-2015-2180)
The remote host is missing an update for the...
RHEL 7 : rubygem-bundler and rubygem-thor (RHSA-2015:2180)
Updated rubygem-bundler and rubygem-thor packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS...
openSUSE Security Update : rubygem-bundler (openSUSE-2015-275)
rubygem-bundler was updated to fix security vulnerabilities and non-security issues. The following security issues were fixed: - Hide credentials while warning about gems with ambiguous sources - Warn when more than one top-level source is present - Bundler may install gems from a different source...
SUSE-SU-2015:0795-1 Security update for rubygem-bundler
The Rubygem Bundler was updated to version 1.7.0. Bundler 1.7 is a security-only release to address CVE-2013-0334, a vulnerability where a gem might be installed from an unintended source server, particularly while using both rubygems.org and gems.github.com. Upstream changes entry with more...
CVE-2013-0334
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source...
CVE-2013-0334
CVE-2013-0334 affects Bundler prior to 1.7, where using multiple top-level gem sources allows a remote attacker to install a gem with the same name from a different source, enabling arbitrary gem installation. The connected MiracleLinux advisory AXSA:2015-789 fixes Bundler by upgrading Bundler to...
CVE-2013-0334
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source...
Fedora 20 : rubygem-bundler-1.7.3-1.fc20 (2014-11630)
This update fixes CVE-2013-0334: 'bundle install' may install a gem from a source other than expected. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 21 : rubygem-bundler-1.7.3-1.fc21 (2014-11677)
This update fixes CVE-2013-0334: 'bundle install' may install a gem from a source other than expected. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...