Lucene search
Veracode Vulnerability DatabaseVERACODE:20938HistoryJul 31, 2019 - 9:46 a.m.
Remote Code Execution (RCE)
2019-07-3109:46:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
27.3%
Bundler is vulnerable to remote code execution (RCE). The attack is possible because a world writable temporary directory with predictable name tmp/: is created by tmp_home_path when there is no writable home directory, allowing a remote attacker to create a directory and to write malicious libraries to the location.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bundler | le | 2.1.0.pre.2 | |
| rh-ruby26-ruby | eq | 2.6.2__118.el7 | |
| bundler | le | 2.1.0.pre.2 | |
| rh-ruby26-ruby | eq | 2.6.2__118.el7 |
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-1)
2020-06-18 00:00:00
SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-2)
2020-07-16 00:00:00
openSUSE Security Update : rubygem-bundler (openSUSE-2020-803)
2020-07-20 00:00:00
osv
osv
Insecure path handling in Bundler
2021-05-10 14:53:59
CVE-2019-3881
2020-09-04 12:15:10
bundler vulnerability
2021-03-15 22:59:20
openvas
openvas
openSUSE: Security Advisory for rubygem-bundler (openSUSE-SU-2020:0861-1)
2020-06-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1582-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-4870-1)
2023-01-27 00:00:00
ubuntucve
ubuntucve
CVE-2019-3881
2020-09-04 00:00:00
redhatcve
redhatcve
CVE-2019-3881
2019-10-30 09:46:40
prion
prion
Code injection
2020-09-04 12:15:00
alpinelinux
alpinelinux
CVE-2019-3881
2020-09-04 12:15:00
ubuntu
ubuntu
Bundler vulnerability
2021-03-15 00:00:00
suse
suse
Security update for rubygem-bundler (moderate)
2020-06-25 00:00:00
Security update for rubygem-bundler (moderate)
2020-06-13 00:00:00
cve
cve
CVE-2019-3881
2020-09-04 12:15:10
cvelist
cvelist
CVE-2019-3881
2020-09-04 00:00:00
nvd
nvd
CVE-2019-3881
2020-09-04 12:15:10
github
github
Insecure path handling in Bundler
2021-05-10 14:53:59
debiancve
debiancve
CVE-2019-3881
2020-09-04 12:15:10
freebsd
freebsd
Gitlab -- multiple vulnerabilities
2021-01-07 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0060
2021-07-13 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0060
2021-07-13 00:00:00
almalinux
almalinux
Moderate: ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
oraclelinux
oraclelinux
ruby:2.6 security, bug fix, and enhancement update
2021-07-07 00:00:00
redhat
redhat
rocky
rocky
ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
ibm
ibm
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34