CVE-2010-3928

high

Description

Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64746

http://www.vupen.com/english/advisories/2011/0174

http://www.securityfocus.com/bid/45841

http://secunia.com/advisories/42952

http://osvdb.org/70521

http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000005.html

http://jvn.jp/en/jp/JVN30414126/index.html

Details

Source: Mitre, NVD

Published: 2011-01-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0075