4 matches found
CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
EUVD-2026-32726
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
PT-2026-44197
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
The vulnerability of the RubyGems package management system, related to the possibility of cross-site scripting, allows a hacker to cause a service failure.
The vulnerability of the RubyGems package management system is related to the possibility of cross-site scripting execution. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially crafted gem archive...