Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:0545

Опубликовано: 16 фев. 2022
Источник: rocky
Оценка: Important

Описание

Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
rubygem-abrtnoarch4.module+el8.5.0+738+032c9c02rubygem-abrt-0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm
rubygem-abrt-docnoarch4.module+el8.5.0+738+032c9c02rubygem-abrt-doc-0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm
rubygem-bsonx86_642.module+el8.4.0+592+03ff458arubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm
rubygem-bson-docnoarch2.module+el8.4.0+592+03ff458arubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a.noarch.rpm
rubygem-bundlernoarch4.module+el8.6.0+992+fc951c18rubygem-bundler-1.16.1-4.module+el8.6.0+992+fc951c18.noarch.rpm
rubygem-bundler-docnoarch4.module+el8.6.0+992+fc951c18rubygem-bundler-doc-1.16.1-4.module+el8.6.0+992+fc951c18.noarch.rpm
rubygem-mongonoarch2.module+el8.4.0+592+03ff458arubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a.noarch.rpm
rubygem-mongo-docnoarch2.module+el8.4.0+592+03ff458arubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a.noarch.rpm
rubygem-mysql2x86_644.module+el8.5.0+739+43897a5erubygem-mysql2-0.4.10-4.module+el8.5.0+739+43897a5e.x86_64.rpm
rubygem-mysql2-docnoarch4.module+el8.5.0+739+43897a5erubygem-mysql2-doc-0.4.10-4.module+el8.5.0+739+43897a5e.noarch.rpm

Показывать по

Связанные CVE

CVE-2020-36327

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-36327

CVSS3: 8.8
ubuntu
около 4 лет назад

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.

redhat логотип

CVE-2020-36327

CVSS3: 8.8
redhat
больше 4 лет назад

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.

nvd логотип

CVE-2020-36327

CVSS3: 8.8
nvd
около 4 лет назад

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.

debian логотип

CVE-2020-36327

CVSS3: 8.8
debian
около 4 лет назад

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...

suse-cvrf логотип

SUSE-SU-2025:1294-1

suse-cvrf
2 месяца назад

Security update for rubygem-bundler