An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

hackerone.com/reports/317353

lists.debian.org/debian-lts-announce/2020/08/msg00027.html

prion 1

github 1

ubuntucve 1

osv 7

veracode 1

nvd 1

debiancve 1

redhatcve 1

alpinelinux 1

cve 1

nessus 28

openvas 16

amazon 2

f5 1

debian 4

centos 1

redhat 5

rocky 1

oraclelinux 2

fedora 2

cloudfoundry 1

freebsd 1

ubuntu 1

mageia 2

ibm 1

suse 1

prion

Design/Logic Flaw

2019-06-17 19:15:00

github

RubyGems Escape sequence injection in errors

2019-06-20 16:08:21

ubuntucve

CVE-2019-8325

2019-03-27 00:00:00

osv

RubyGems Escape sequence injection in errors

2019-06-20 16:08:21

CVE-2019-8325

2019-06-17 19:15:11

ruby2.1 - security update

2019-03-29 00:00:00

veracode

Escape Sequence Injection

2019-05-16 03:48:47

nvd

CVE-2019-8325

2019-06-17 19:15:11

debiancve

CVE-2019-8325

2019-06-17 19:15:11

redhatcve

CVE-2019-8325

2020-04-09 03:16:04

alpinelinux

CVE-2019-8325

2019-06-17 19:15:11

cve

CVE-2019-8325

2019-06-17 19:15:11

nessus

Oracle Linux 7 : ruby (ELSA-2019-1235)

2019-05-16 00:00:00

NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0080)

2019-08-12 00:00:00

CentOS 7 : ruby (CESA-2019:1235)

2019-05-22 00:00:00

openvas

CentOS Update for ruby CESA-2019:1235 centos7

2019-05-22 00:00:00

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1597)

2020-01-23 00:00:00

Debian: Security Advisory (DLA-1735-1)

2019-04-02 00:00:00

amazon

Important: ruby

2019-07-18 18:14:00

Important: ruby20, ruby21, ruby24

2019-08-07 22:58:00

K81674333 : Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325

2022-10-20 00:00:00

debian

[SECURITY] [DLA 1735-1] ruby2.1 security update

2019-03-29 08:53:04

[SECURITY] [DSA 4433-1] ruby2.3 security update

2019-04-16 20:57:32

[SECURITY] [DLA 1796-1] jruby security update

2019-05-20 11:06:55

centos

ruby, rubygem, rubygems security update

2019-05-21 21:25:00

redhat

(RHSA-2019:1235) Important: ruby security update

2019-05-15 17:11:12

(RHSA-2019:1429) Important: CloudForms 4.7.5 security, bug fix and enhancement update

2019-06-11 05:28:05

(RHSA-2019:1150) Important: rh-ruby24-ruby security, bug fix, and enhancement update

2019-05-13 09:00:24

rocky

2.5 bug fix and enhancement update

2019-11-05 17:38:32

oraclelinux

ruby security update

2019-05-16 00:00:00

ruby security update

2019-08-13 00:00:00

fedora

[SECURITY] Fedora 29 Update: ruby-2.5.5-101.fc29

2019-05-03 03:43:05

[SECURITY] Fedora 28 Update: ruby-2.5.5-108.fc28

2019-05-10 01:35:27

cloudfoundry

USN-3945-1: Ruby vulnerabilities | Cloud Foundry

2019-04-12 00:00:00

freebsd

RubyGems -- multiple vulnerabilities

2019-03-05 00:00:00

ubuntu

Ruby vulnerabilities

2019-04-11 00:00:00

mageia

Updated jruby packages fix security vulnerabilities

2020-11-27 23:14:57

Updated ruby-RubyGems packages fix security vulnerability

2020-06-11 00:39:20

ibm

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z

2019-07-15 22:35:01

suse

Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)

2019-07-21 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for CVELIST:CVE-2019-8325