CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
References
Link Resource
https://hackerone.com/reports/315087 Permissions Required Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Information

Published : 2019-06-17 08:15

Updated : 2020-08-19 07:00


NVD link : CVE-2019-8322

Mitre link : CVE-2019-8322

Products Affected
No products.
CWE