Количество 30
Количество 30
ELSA-2019-1235
ELSA-2019-1235: ruby security update (IMPORTANT)
openSUSE-SU-2019:1771-1
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
SUSE-SU-2019:1804-1
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
SUSE-SU-2020:1570-1
Security update for ruby2.1
CVE-2019-8324
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
CVE-2019-8324
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
CVE-2019-8324
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
CVE-2019-8324
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...
RLSA-2019:1972
Important: ruby:2.5 security update
GHSA-76wm-422q-92mq
Code injection in RubyGems
ELSA-2019-1972
ELSA-2019-1972: ruby:2.5 security update (IMPORTANT)
BDU:2020-00760
Уязвимость функции sure_loadable_spec системы управления пакетами RubyGems, связанная с ошибками обработки многострочных имен, позволяющая нарушителю выполнить произвольный код
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...
GHSA-mh37-8c3g-3fgc
RubyGems Escape sequence injection vulnerability in gem owner
BDU:2020-00753
Уязвимость команды gem owner системы управления пакетами RubyGems, связанная с выводом содержимого ответа API в стандартный поток вывода, позволяющая нарушителю нарушить целостность данных
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| ELSA-2019-1235 ELSA-2019-1235: ruby security update (IMPORTANT) | около 6 лет назад | ||
 | openSUSE-SU-2019:1771-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5 | почти 6 лет назад | ||
| SUSE-SU-2019:1804-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5 | почти 6 лет назад | ||
| SUSE-SU-2020:1570-1 Security update for ruby2.1 | около 5 лет назад | ||
 | CVE-2019-8324 An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | CVSS3: 8.8 | 1% Низкий | около 6 лет назад |
 | CVE-2019-8324 An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | CVSS3: 7.2 | 1% Низкий | больше 6 лет назад |
 | CVE-2019-8324 An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. | CVSS3: 8.8 | 1% Низкий | около 6 лет назад |
| CVE-2019-8324 An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ... | CVSS3: 8.8 | 1% Низкий | около 6 лет назад |
 | RLSA-2019:1972 Important: ruby:2.5 security update | 1% Низкий | почти 6 лет назад | |
| GHSA-76wm-422q-92mq Code injection in RubyGems | CVSS3: 8.8 | 1% Низкий | почти 6 лет назад |
| ELSA-2019-1972 ELSA-2019-1972: ruby:2.5 security update (IMPORTANT) | почти 6 лет назад | ||
 | BDU:2020-00760 Уязвимость функции sure_loadable_spec системы управления пакетами RubyGems, связанная с ошибками обработки многострочных имен, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 1% Низкий | около 6 лет назад |
| CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
| CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ... | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| GHSA-mh37-8c3g-3fgc RubyGems Escape sequence injection vulnerability in gem owner | CVSS3: 7.5 | 0% Низкий | почти 6 лет назад |
| BDU:2020-00753 Уязвимость команды gem owner системы управления пакетами RubyGems, связанная с выводом содержимого ответа API в стандартный поток вывода, позволяющая нарушителю нарушить целостность данных | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| CVE-2019-8325 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| CVE-2019-8325 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) | CVSS3: 5.3 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу