526 matches found
Design/Logic Flaw
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
ALPINE-CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
DEBIAN-CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
Design/Logic Flaw
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
CVE-2019-8321
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is possible...
CVE-2019-8321
CVE-2019-8321 is an escape sequence injection vulnerability in RubyGems: Gem::UserInteraction#verbose calls say without escaping, enabling injection in RubyGems versions 2.6 and later up to 3.0.2. Connected advisories (Debian DLA-2330-1, ALAS-2019-1255, Alpine Linux, Debian tracker) confirm the i...
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
CVE-2019-8322
CVE-2019-8322 affects RubyGems 2.6 and later through 3.0.2. The root cause is that the gem owner command outputs the API response contents directly to stdout, enabling escape sequence injection if the response is crafted. The connected documents provide multiple references (including Debian, Red ...
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
CVE-2019-8323
RubyGems 2.6 and later through 3.0.2 contain an escape sequence injection vulnerability in API response handling. Specifically, Gem::GemcutterUtilities#with_response may output the API response to stdout as it is, and if the response is crafted, this can be exploited. The issue is documented as C...
CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
CVE-2019-8325
The CVE-2019-8325 issue is a vulnerability in RubyGems where Gem::CommandManager#run calls alert_error without escaping, enabling escape sequence injection (described as multiple ways to trigger an error). The connected Debian advisory confirms the impact is present in JRuby packages and lists CV...
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
rubygems: Escape sequence injection vulnerability in API response handling
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...