Описание
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 9.1.17.0-3 |
| disco | ignored | end of life |
| eoan | not-affected | 9.1.17.0-3 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 9.1.17.0-3 |
| esm-apps/noble | not-affected | 9.1.17.0-3 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | 1.5.6-9+deb8u2build0.14.04.1~esm2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.14]] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.13]] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | 2.3.1-2~16.04.12 |
| focal | DNE | |
| groovy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.5.1-1ubuntu1.2 |
| cosmic | released | 2.5.1-5ubuntu4.3 |
| devel | DNE | |
| disco | released | 2.5.5-1 |
| eoan | released | 2.5.5-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2.5.1-1ubuntu1.2 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
Уязвимость модуля Gem::CommandManage системы управления пакетами RubyGems, связанная с недостаточным экранированием, позволяющая нарушителю нарушить целостность данных
EPSS
5 Medium
CVSS2
7.5 High
CVSS3