Описание
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ruby2.3 | fixed | 2.3.3-1+deb9u1 | package | |
| ruby2.1 | removed | package | ||
| ruby1.9.1 | removed | package | ||
| rubygems | fixed | 3.2.0~rc.1-1 | package |
Примечания
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
EPSS
Связанные уязвимости
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
EPSS