CVE-2017-0899: RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Affected

19 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	rubygems	< rubygems 3.2.0~rc.1-1 (bookworm)	rubygems 3.2.0~rc.1-1 (bookworm)
hackerone	rubygems	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—
rubygems	rubygems	<= 2.6.12	—
rubygems	rubygems	>= 0 < 3.2.0~rc.1-1	3.2.0~rc.1-1
rubygems	rubygems	>= 0 < 3.2.0~rc.1-1	3.2.0~rc.1-1
rubygems	rubygems	>= 0 < 3.2.0~rc.1-1	3.2.0~rc.1-1
rubygems	rubygems	>= 0 < 3.2.0~rc.1-1	3.2.0~rc.1-1

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL