4 matches found
Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issues: Updated to version 2.2.34. CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen bsc1185842 CVE-2021-43809: rubygem-bundler: remot...
DEBIAN-CVE-2026-34060
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...
CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting
Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...
Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issues: CVE-2021-43809: Fixed remote execution via Gemfile argument injection bsc1193578 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...