Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-0899

Опубликовано: 31 авг. 2017
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.

Отчет

This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6rubygemsWill not fix
Red Hat Enterprise MRG 2rubygemsUnder investigation
Red Hat Satellite 6rubygemsUnder investigation
Red Hat Subscription Asset Managerruby193-rubygemsUnder investigation
Red Hat Enterprise Linux 7rubyFixedRHSA-2018:037828.02.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-ruby24-rubyFixedRHSA-2017:348519.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-ruby22-rubyFixedRHSA-2018:058326.03.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-ruby23-rubyFixedRHSA-2018:058526.03.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-ruby24-rubyFixedRHSA-2017:348519.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-ruby22-rubyFixedRHSA-2018:058326.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-138
https://bugzilla.redhat.com/show_bug.cgi?id=1487590rubygems: Escape sequence in the "summary" field of gemspec

EPSS

Процентиль: 91%
0.07362
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-0899

CVSS3: 9.8
ubuntu
около 8 лет назад

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

nvd логотип

CVE-2017-0899

CVSS3: 9.8
nvd
около 8 лет назад

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

debian логотип

CVE-2017-0899

CVSS3: 9.8
debian
около 8 лет назад

RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...

github логотип

GHSA-7gcp-2gmq-w3xh

CVSS3: 9.8
github
больше 3 лет назад

RubyGems Code Injection vulnerability

oracle-oval логотип

ELSA-2018-0378

oracle-oval
больше 7 лет назад

ELSA-2018-0378: ruby security update (IMPORTANT)

EPSS

Процентиль: 91%
0.07362
Низкий

4.3 Medium

CVSS3

Уязвимость CVE-2017-0899