Описание
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was deferred |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | deferred | 2019-09-03 |
| esm-apps/focal | not-affected | 2.1.4-1 |
| esm-apps/xenial | deferred | 2019-09-03 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [needed] |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code ...
Bundler allows attacker to inject arbitrary code via secondary Gem source
Уязвимость компонента Gem Name Handler менеджера для управления зависимостями gem в ruby приложениях Bundler, связанная с недостатком механизма управления генерацией кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3