CVE-2013-0334

Опубликовано: 31 окт. 2014

Источник: debian

Описание

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
bundler	fixed	1.7.2-1		package
bundler	no-dsa		wheezy	package

Связанные уязвимости

CVE-2013-0334

ubuntu

около 11 лет назад

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2013-0334

redhat

около 11 лет назад

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2013-0334

nvd

около 11 лет назад

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

SUSE-SU-2015:0795-1

suse-cvrf

больше 10 лет назад

Security update for rubygem-bundler

GHSA-49jx-9cmc-xjxm

github

больше 3 лет назад

Bundler may install gems from a different source than expected