exploitDog

CVE-2018-1000073

Published: 13 Mar 2018
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 5
CVSS3: 7.5

Description

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 9.1.17.0-3 |
| disco | ignored | end of life |
| eoan | not-affected | 9.1.17.0-3 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 9.1.17.0-3 |
| esm-apps/noble | not-affected | 9.1.17.0-3 |
| esm-apps/xenial | needs-triage | |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.6]] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |

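| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |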

| Release | Status | Note |
|---|---|---|
| artful | released | 2.3.3-1ubuntu1.4 |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 2.3.1-2~16.04.7 |
| focal | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | released | 2.5.1-1 |
| cosmic | not-affected | 2.5.1-1 |
| devel | DNE | |
| disco | not-affected | 2.5.1-1 |
| eoan | not-affected | 2.5.1-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 2.5.1-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |

EPSS: 0.01057 (Low), percentile: 77%
CVSS2: 5 Medium
CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.5
redhat
almost 8 years ago

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.

CVSS3: 7.5
nvd
almost 8 years ago

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.

CVSS3: 7.5
debian
almost 8 years ago

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...

CVSS3: 7.5
github
more than 3 years ago

RubyGems Link Following vulnerability

CVSS3: 7.5
fstec
almost 8 years ago

Vulnerability in the install_location function (package.rb) of the RubyGems package management system, allowing an attacker to gain access to arbitrary files
