Описание
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | rubygems | Will not fix | ||
| Red Hat Software Collections | rh-ruby23-ruby | Fix deferred | ||
| Red Hat Software Collections | rh-ruby26-ruby | Not affected | ||
| CloudForms Management Engine 5.10 | cfme | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | cfme-amazon-smartstate | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | cfme-appliance | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | cfme-gemset | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | ruby | Fixed | RHSA-2019:1429 | 11.06.2019 |
| Red Hat Enterprise Linux 7 | ruby | Fixed | RHSA-2019:1235 | 15.05.2019 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | ruby | Fixed | RHSA-2020:2769 | 30.06.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...
RubyGems Escape sequence injection vulnerability in gem owner
Уязвимость команды gem owner системы управления пакетами RubyGems, связанная с выводом содержимого ответа API в стандартный поток вывода, позволяющая нарушителю нарушить целостность данных
EPSS
5.3 Medium
CVSS3