CVE-2019-8320 — Path Traversal in Rubygems

CWE-22 — Path Traversal10 documents7 sources

Severity

7.4HIGHNVD

EPSS

6.3%

top 9.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rubygems Jruby Debian Jruby +1 more

Timeline

PublishedJun 6

Latest updateJun 20

Description

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), th…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.2 | Impact: 5.2

Affected Packages5 packages

▶debiandebian/rubygems< jruby 9.1.17.0-3 (bookworm)

▶Debianrubygems/rubygems< 3.2.0~rc.1-1+3

▶NVDrubygems/rubygems2.7.6 — 3.0.2

▶debiandebian/jruby< jruby 9.1.17.0-3 (bookworm)

▶Debianjruby/jruby< 9.1.17.0-3+2

🔴Vulnerability Details

GHSA

RubyGems Delete directory using symlink when decompressing tar↗2019-06-20

▶

OSV

RubyGems Delete directory using symlink when decompressing tar↗2019-06-20

▶

OSV

CVE-2019-8320: A Directory Traversal issue was discovered in RubyGems 2↗2019-06-06

▶

OSV

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities↗2019-04-11

▶

📋Vendor Advisories

Ubuntu

Ruby vulnerabilities↗2019-04-11

▶

Red Hat

rubygems: Delete directory using symlink when decompressing tar↗2019-03-05

▶

Debian

CVE-2019-8320: jruby - A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3...↗2019

▶

💬Community

Bugzilla

CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 rubygems: various flaws [fedora-all]↗2019-03-25

▶

Bugzilla

CVE-2019-8320 rubygems: Delete directory using symlink when decompressing tar↗2019-03-25

▶