CVE-2017-0899

Published: Aug 31, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Vendor	Product	Versions
HackerOne	RubyGems	affected `Versions before 2.6.13`

Weaknesses (CWE)

CWE-150

References

RHSA-2018:0585

vendor-advisory

x_refsource_REDHAT

DSA-3966

vendor-advisory

x_refsource_DEBIAN

RHSA-2018:0378

vendor-advisory

x_refsource_REDHAT

https://hackerone.com/reports/226335

x_refsource_MISC

1039249

vdb-entry

x_refsource_SECTRACK

https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1

x_refsource_MISC

https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491

x_refsource_MISC

RHSA-2017:3485

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update

mailing-list

x_refsource_MLIST

RHSA-2018:0583

vendor-advisory

x_refsource_REDHAT

GLSA-201710-01

vendor-advisory

x_refsource_GENTOO

100576

vdb-entry

x_refsource_BID

http://blog.rubygems.org/2017/08/27/2.6.13-released.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-0899

Description

Affected Products

Weaknesses (CWE)

References