Sha256: 06b966043e928ec4943011c4931c2f4bea1cd44e5fbde23098f11c8424922257

Contents?: true

Size: 598 Bytes

Versions: 1

Compression:

Stored size: 598 Bytes

Contents

---
gem: rubygems-update
library: rubygems
cve: 2017-0903
url: https://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
title: Unsafe Object Deserialization Vulnerability in RubyGems
date: 2017-10-09
description: |
  There is a possible unsafe object deserialization vulnerability in RubyGems.
  It is possible for YAML deserialization of gem specifications to bypass class
  white lists. Specially crafted serialized objects can possibly be used to
  escalate to remote code execution.
cvss_v2: 7.5
unaffected_versions:
  - "< 2.0.0"
patched_versions:
  - ">= 2.6.14"

Version data entries

1 entry across 1 version & 1 rubygem

Version: bundler-audit-0.7.0.1

Path: data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0903.yml