Sha256: 83637f5e3abb224807f330fdd042a61d0fc9213c720343a457bbda0ed1cb4962
Contents?: true
Size: 591 Bytes
Versions: 2
Compression:
Stored size: 591 Bytes
Contents
--- library: rubygems cve: 2019-8324 url: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html title: Installing a malicious gem may lead to arbitrary code execution date: 2019-03-05 description: | An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. unaffected_versions: - "< 2.6" patched_versions: - ">= 3.0.3" - "~> 2.7.9"
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-budit-0.6.2 | data/ruby-advisory-db/libraries/rubygems/CVE-2019-8324.yml |
| bundler-budit-0.6.1 | data/ruby-advisory-db/libraries/rubygems/CVE-2019-8324.yml |