Lucene search

K

HackeroneCVELIST:CVE-2017-0899

HistoryAug 27, 2017 - 12:00 a.m.

CVE-2017-0899

2017-08-2700:00:00

CWE-150

hackerone

www.cve.org

1

8.6 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.9%

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

CNA Affected

[
  {
    "product": "RubyGems",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 2.6.13"
      }
    ]
  }
]

References

blog.rubygems.org/2017/08/27/2.6.13-released.html

www.securityfocus.com/bid/100576

www.securitytracker.com/id/1039249

access.redhat.com/errata/RHSA-2017:3485

access.redhat.com/errata/RHSA-2018:0378

access.redhat.com/errata/RHSA-2018:0583

access.redhat.com/errata/RHSA-2018:0585

github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1

github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491

hackerone.com/reports/226335

lists.debian.org/debian-lts-announce/2018/07/msg00012.html

security.gentoo.org/glsa/201710-01

www.debian.org/security/2017/dsa-3966

8.6 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.9%

Related for CVELIST:CVE-2017-0899

prion1 nvd1 github1 cve1 debiancve1 redhatcve1 hackerone1 veracode1 osv5 alpinelinux1 f51 fedora3 ubuntucve2 gentoo1 openvas14 nessus26 mageia1 ubuntu1 debian3 slackware1 redhat4 amazon2 ibm1 oraclelinux1 centos1