---
library: rubygems
cve: 2019-8322
url: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
title: Escape sequence injection vulnerability in gem owner
date: 2019-03-05
description: |
  An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem
  owner command outputs the contents of the API response directly to stdout.
  Therefore, if the response is crafted, escape sequence injection may occur.
unaffected_versions:
  - "< 2.6"
patched_versions:
  - ">= 3.0.3"
  - "~> 2.7.9"