An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html | Mailing List Third Party Advisory |
https://hackerone.com/reports/315087 | Permissions Required Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-17T19:02:14
Updated: 2020-08-16T14:06:08
Reserved: 2019-02-13T00:00:00
Link: CVE-2019-8322
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-17T20:15:10.353
Modified: 2020-08-19T19:00:21.217
Link: CVE-2019-8322
JSON object: View
Redhat Information
No data.
CWE