Sha256: f8e441e2e00dae32cbd8b42ccf73e9638128b55b2eef767b397f5b0ba9d82870

Contents?: true

Size: 540 Bytes

Versions: 5

Compression:

Stored size: 540 Bytes

Contents

---
gem: bundler
cve: 2013-0334
osvdb: 110004
url: http://www.osvdb.org/show/osvdb/110004
title: Bundler Gem for Ruby Multiple Top-level Source Lines Gemfile Handling Gem Installation Spoofing
date: 2014-08-13
description: |
  Bundler Gem for Ruby contains a flaw that is triggered when handling
  a gemfile that contains multiple top-level source lines. This may allow a
  context-dependent attacker to install specially crafted gems on a remote
  system, leading to arbitrary code execution.
cvss_v2: 5.0
patched_versions:
  - ">= 1.7.0"

Version data entries

5 entries across 5 versions & 2 rubygems

Version              Path
bundler-budit-0.6.2  data/ruby-advisory-db/gems/bundler/OSVDB-110004.yml
bundler-budit-0.6.1  data/ruby-advisory-db/gems/bundler/OSVDB-110004.yml
bundler-audit-0.6.1  data/ruby-advisory-db/gems/bundler/OSVDB-110004.yml
bundler-audit-0.6.0  data/ruby-advisory-db/gems/bundler/OSVDB-110004.yml
bundler-audit-0.5.0  data/ruby-advisory-db/gems/bundler/OSVDB-110004.yml