RubyGems Escape sequence injection vulnerability in gem owner

GHSA-mh37-8c3g-3fgc · CVE-2019-8322

Published Jun 20, 2019 · Modified Feb 16, 2024

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-8322
WEB https://hackerone.com/reports/315087
WEB https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8322.yml
WEB https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
WEB http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes