Описание
RubyGems Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-8321
- https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8321.yml
- https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
Пакеты
rubygems-update
>= 2.6.0, < 2.7.9
2.7.9
rubygems-update
>= 3.0.0, < 3.0.2
3.0.2
Связанные уязвимости
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
Уязвимость модуля Gem::UserInteraction системы управления пакетами RubyGems, позволяющая нарушителю нарушить целостность данных