CVE-2016-7954
Published: Dec 22, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 93423 | vdb-entry, x_refsource_BID |
| https://github.com/bundler/bundler/issues/5062 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1381951 | x_refsource_CONFIRM |
| [oss-security] 20161004 Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request) | mailing-list, x_refsource_MLIST |
| https://github.com/bundler/bundler/issues/5051 | x_refsource_CONFIRM |