CVE-2013-0334

Опубликовано: 31 окт. 2014

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

Описание

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Релиз	Статус	Примечание
artful	not-affected	1.10.6-2
bionic	not-affected	1.10.6-2
cosmic	not-affected	1.10.6-2
devel	not-affected	1.10.6-2
disco	not-affected	1.10.6-2
esm-apps/bionic	not-affected	1.10.6-2
esm-apps/xenial	not-affected	1.10.6-2
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
lucid	DNE
precise	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2013-0334

EPSS

Процентиль: 65%

0.00498

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2013-0334

redhat

около 11 лет назад

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2013-0334

nvd

почти 11 лет назад

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2013-0334

debian

почти 11 лет назад

Bundler before 1.7, when multiple top-level source lines are used, all ...

SUSE-SU-2015:0795-1

suse-cvrf

больше 10 лет назад

Security update for rubygem-bundler

GHSA-49jx-9cmc-xjxm

github

больше 3 лет назад

Bundler may install gems from a different source than expected

EPSS

Процентиль: 65%

0.00498

Низкий

5 Medium

CVSS2

CVE-2013-0334

Описание

Пакет bundler

Ссылки на источники

Связанные уязвимости