5 matches found
CVE-2019-8323
RubyGems 2.6 and later through 3.0.2 contain an escape sequence injection vulnerability in API response handling. Specifically, Gem::GemcutterUtilities#with_response may output the API response to stdout as it is, and if the response is crafted, this can be exploited. The issue is documented as C...
CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
Escape Sequence Injection
Ruby is vulnerable to escape sequence injection. This exists in the function Gem::GemcutterUtilitieswithresponse of the component API Response Handler. Gem::GemcutterUtilitieswithresponse may output the API response to stdout without any change. Modifications in the response from API side may cau...
CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
UBUNTU-CVE-2019-8323
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...