MiracleLinux 7 : rh-ruby27-ruby-2.7.4-130.el7 (AXSA:2021-2423:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2423:02 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
MiracleLinux 7 : rh-ruby26-ruby-2.6.9-120.el7 (AXSA:2022-3091:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3091:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=0.36.0 <=6.0.0) +6 more potentially affected by unknown CVE via @asyncapi/bundler (>=0.3.11 <=0.6.4)
@asyncapi/bundler NPM version =0.3.11, =4.1.3, =0.36.0, =0.16.0, =1.4.14, =1.6.3, =0.0.0-beta-20240215154132, =0.3.0, =0.7.1 - trusted-publishing-testasyncapi-cli =4.1.3 Source cves: unknown CVE Source advisory: SNYK:JS-ASYNCAPIBUNDLER-14103249...
TencentOS Server 3: ruby:2.5 (TSSA-2025:0448)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0448 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2021-2513
Malware in sbrugna...
EUVD-2022-2347
Malicious code in bioql PyPI...
Security Bulletin: Carbon design system packages
Summary Various packages are vulnerable to multiple CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....
TencentOS Server 3: rubygem-bundler (TSSA-2022:0191)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0191 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Ubuntu 18.04 ESM : Bundler vulnerability (USN-4870-1)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4870-1 advisory. It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for...
PT-2021-5751
Name of the Vulnerable Software and Affected Versions bundler versions prior to 2.2.33 Description The issue is related to the handling of untrusted Gemfile's in bundler. When a Gemfile includes gem entries with the git option and invalid values starting with a dash, it can lead to Code Execution...
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...
Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. ruby 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing...
OESA-2021-1258 rubygem-bundler security update
Bundler manages an application's dependencies through its entire life, across many machines, systematically and repeatably. Security Fixes: Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogu...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. Bundler uses a predictable path in /tmp/, which is created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario...
UBUNTU-CVE-2020-36327
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that...
The vulnerability of the Gem Name Handler component in the Bundler’s dependency management tool for Ruby applications relates to a lack of mechanisms for managing code generation. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Gem Name Handler component in the Bundler dependency management tool for Ruby applications relates to improper handling of gems with identical names. Exploiting this vulnerability can allow an attacker to gain access to sensitive data, compromise its integrity, and cause...
USN-4870-1 bundler vulnerability
It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
UBUNTU-CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...