Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-1000079

Опубликовано: 13 мар. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.5

Описание

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

not-affected

9.1.17.0-3
disco

not-affected

9.1.17.0-2
eoan

not-affected

9.1.17.0-3
esm-apps/bionic

needs-triage

esm-apps/focal

not-affected

9.1.17.0-3
esm-apps/noble

not-affected

9.1.17.0-3
esm-apps/xenial

needs-triage

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [code not present]]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.6]]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

released

2.3.3-1ubuntu1.4
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

released

2.3.1-2~16.04.7
focal

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

released

2.5.1-1
cosmic

released

2.5.1-1
devel

DNE

disco

released

2.5.1-1
eoan

released

2.5.1-1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

2.5.1-1
esm-infra/focal

DNE

focal

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 54%
0.00316
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-1000079

CVSS3: 5.5
redhat
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

nvd логотип

CVE-2018-1000079

CVSS3: 5.5
nvd
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

debian логотип

CVE-2018-1000079

CVSS3: 5.5
debian
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...

github логотип

GHSA-8qxg-mff5-j3wc

CVSS3: 5.5
github
больше 3 лет назад

RubyGems Path Traversal vulnerability

fstec логотип

BDU:2019-04231

CVSS3: 5.5
fstec
почти 8 лет назад

Уязвимость механизма установки системы управления пакетами RubyGems, позволяющая нарушителю записать произвольные файлы в файловую систему устройства

EPSS

Процентиль: 54%
0.00316
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3