CVE-2019-8323

Published: 05 Mar 2019
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | rubygems | Will not fix | | |
| Red Hat Software Collections | rh-ruby23-ruby | Fix deferred | | |
| Red Hat Software Collections | rh-ruby26-ruby | Not affected | | |
| CloudForms Management Engine 5.10 | cfme | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | cfme-amazon-smartstate | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | cfme-appliance | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | cfme-gemset | Fixed | RHSA-2019:1429 | 11.06.2019 |
| CloudForms Management Engine 5.10 | ruby | Fixed | RHSA-2019:1429 | 11.06.2019 |
| Red Hat Enterprise Linux 7 | ruby | Fixed | RHSA-2019:1235 | 15.05.2019 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | ruby | Fixed | RHSA-2020:2769 | 30.06.2020 |

Additional information

Status: Low
Defect: CWE-88
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1692519 (rubygems: Escape sequence injection vulnerability in API response handling)

EPSS: 0.00254 (Low), percentile: 49%
CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

CVSS3: 7.5
nvd
about 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

CVSS3: 7.5
debian
about 6 years ago

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...

CVSS3: 7.5
github
almost 6 years ago

RubyGems Escape sequence injection vulnerability in api response handling

CVSS3: 7.5
fstec
about 6 years ago

A vulnerability in the Gem::GemcutterUtilities module of the RubyGems package manager, related to writing the contents of the API response to the standard output stream, which allows an attacker to compromise data integrity
