Vulnerability CVE-2019-8322


Published: 2019-06-17

Description:
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

Type:

CWE-74

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Rubygems -> Rubygems 

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://hackerone.com/reports/315087
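
The mitigation for the issue in the description is to neutralize terminal control characters in any server-supplied text before a CLI prints it. The following is an added example, not RubyGems source code; `clean_for_terminal`, `control_chars?`, `owner_line` and the sample field are hypothetical names and constructed data.

```ruby
# Added example (not RubyGems code): neutralize terminal control characters
# in untrusted API response text before writing it to stdout.

# Unicode category Cc covers C0 (U+0000-U+001F), DEL (U+007F) and
# C1 (U+0080-U+009F). TAB, LF and CR are kept so normal layout survives.
CONTROL_CHARS = /[\p{Cc}&&[^\t\n\r]]/

# Normalize to valid UTF-8 so the pattern applies to every byte sequence;
# invalid bytes become "?" instead of reaching the terminal raw.
def as_utf8(text)
  text.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
end

# Replace each control character with a visible "." so the text can no
# longer move the cursor, change colors, or rewrite earlier output.
def clean_for_terminal(text)
  as_utf8(text).gsub(CONTROL_CHARS, ".")
end

# Detection helper: true when the text carries characters that would be
# rewritten, which is worth logging when it comes from a remote service.
def control_chars?(text)
  as_utf8(text).match?(CONTROL_CHARS)
end

# Format one owner entry from an untrusted response field (hypothetical
# helper modelling a CLI that lists owners returned by an API).
def owner_line(owner_field)
  "- #{clean_for_terminal(owner_field)}"
end

# Constructed sample: an owner field with an ANSI color sequence and a BEL.
SAMPLE_FIELD = "owner@example.com\e[31m\a"

if __FILE__ == $PROGRAM_NAME
  warn "control characters found in response" if control_chars?(SAMPLE_FIELD)
  puts owner_line(SAMPLE_FIELD)
end
```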

Copyright 2024, cxsecurity.com
