CVE-2019-8322: Injection in Rubygems

Severity
NVD: 7.5 HIGH
OSV: 7.4
EPSS: 0.3% (top 44.36%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 17
Latest update: Jun 20

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

Source   Package              Affected versions
debian   debian/rubygems      < jruby 9.1.17.0-3 (bookworm)
Debian   rubygems/rubygems    < 3.2.0~rc.1-1+3
NVD      rubygems/rubygems    2.6.0 through 3.0.2
debian   debian/jruby         < jruby 9.1.17.0-3 (bookworm)
Debian   jruby/jruby          < 9.1.17.0-3+2

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (5)

Source    Title                                                                  Date
OSV       RubyGems Escape sequence injection vulnerability in gem owner          2019-06-20
GHSA      RubyGems Escape sequence injection vulnerability in gem owner          2019-06-20
CVEList   CVE-2019-8322: An issue was discovered in RubyGems 2                   2019-06-17
OSV       CVE-2019-8322: An issue was discovered in RubyGems 2                   2019-06-17
OSV       ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities                   2019-04-11

📋 Vendor Advisories (3)

Source    Title                                                                  Date
Ubuntu    Ruby vulnerabilities                                                   2019-04-11
Red Hat   rubygems: Escape sequence injection vulnerability in gem owner         2019-03-05
Debian    CVE-2019-8322: jruby - An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner c...   2019

💬 Community (2)

Source     Title                                                                                                           Date
Bugzilla   CVE-2019-8322 rubygems: Escape sequence injection vulnerability in gem owner                                    2019-03-25
Bugzilla   CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 rubygems: various flaws [fedora-all]   2019-03-25