Lucene search
K

109 matches found

OSV
OSV
added 2019/06/17 8:15 p.m.19 views

CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS7.6AI score
Exploits0References3
OSV
OSV
added 2019/06/17 8:15 p.m.4 views

ALPINE-CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS7.4AI score0.03372EPSS
Exploits0References1
Prion
Prion
added 2019/06/17 8:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

5CVSS8AI score0.03372EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2019/06/17 7:2 p.m.21 views

CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

8.2AI score0.03372EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/06/17 7:2 p.m.21 views

CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

7.5CVSS6.9AI score0.03372EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/06/17 7:2 p.m.24 views

CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

7.5CVSS8.3AI score0.03372EPSS
Exploits0
CVE
CVE
added 2019/06/17 7:1 p.m.280 views

CVE-2019-8323

RubyGems 2.6 and later through 3.0.2 contain an escape sequence injection vulnerability in API response handling. Specifically, Gem::GemcutterUtilities#with_response may output the API response to stdout as it is, and if the response is crafted, this can be exploited. The issue is documented as C...

7.5CVSS8AI score0.03372EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2019/06/17 7:1 p.m.27 views

CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS6.8AI score0.03372EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/06/17 7:1 p.m.32 views

CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS8.3AI score0.03372EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/06/11 5:33 a.m.3 views

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS6.7AI score0.03372EPSS
Exploits0References4
Veracode
Veracode
added 2019/05/16 3:48 a.m.25 views

Escape Sequence Injection

Ruby is vulnerable to escape sequence injection. This exists in the function Gem::GemcutterUtilitieswithresponse of the component API Response Handler. Gem::GemcutterUtilitieswithresponse may output the API response to stdout without any change. Modifications in the response from API side may cau...

7.5CVSS8.3AI score0.03372EPSS
Exploits0References5Affected Software11
Oracle linux
Oracle linux
added 2019/05/16 12:0 a.m.147 views

ruby security update

2.0.0.648-35 - Introduce method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch - Fix escape sequence injection vulnerability in verbose. - Fix escape sequence injection vulnerability in gem owner. - Fix escape sequence injection vulnerability in API...

8.8CVSS1.4AI score0.03372EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/05/13 9:4 a.m.7 views

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS6.7AI score0.03372EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/04/02 12:0 a.m.80 views

Debian: Security Advisory (DLA-1735-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.4AI score0.04212EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/03/27 12:0 a.m.20 views

CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

7.5CVSS6.8AI score0.03372EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/03/27 12:0 a.m.27 views

CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS6.8AI score0.03372EPSS
Exploits0References6
OSV
OSV
added 2019/03/27 12:0 a.m.3 views

UBUNTU-CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

7.5CVSS6.8AI score0.03372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/03/18 12:0 a.m.43 views

FreeBSD : RubyGems -- multiple vulnerabilities (27b12d04-4722-11e9-8b7c-b5e01141761f)

RubyGems Security Advisories : CVE-2019-8320: Delete directory using symlink when decompressing tar CVE-2019-8321: Escape sequence injection vulnerability in 'verbose' CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner' CVE-2019-8323: Escape sequence injection vulnerability in A...

8.8CVSS6.8AI score0.04212EPSS
Exploits1References9
CNVD
CNVD
added 2019/03/07 12:0 a.m.2 views

RubyGems Code Execution Vulnerability (CNVD-2019-12147)

RubyGems is a Ruby package manager from the RubyGems organization. The product is mainly used for publishing and managing Ruby packages. A security vulnerability exists in RubyGems versions 2.6 through 3.0.2 in gem owner, which stems from the gem owner command exporting the contents of an API...

7.5CVSS9.6AI score0.03372EPSS
Exploits0References1
RubySec
RubySec
added 2019/03/05 12:0 a.m.16 views

Escape sequence injection vulnerability in api response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS0.6AI score0.03372EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder