CVE-2019-8321

MEDIUM

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
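The bug class here is terminal escape-sequence injection: verbose() forwards its message to say() unchanged, so any control characters in that message (ESC, the C0 range, DEL) reach the user's terminal and are interpreted as cursor movement, line clears, colour changes and similar. If the message embeds text from an untrusted source (this example assumes a gem name from remote metadata, which the description does not spell out), an attacker can overwrite or hide earlier output. The following is an added illustration, not RubyGems code: a minimal stand-in for the unescaped verbose()/say() pattern next to a hardened variant that replaces control characters with "." before printing (the sanitiser, and the names UnsafeUI, SafeUI, clean_text and render, are this example's own).

```ruby
require 'stringio'

# C0 control characters except \n and \t, plus DEL. ESC (\x1b) opens ANSI
# sequences, so stripping it neutralises cursor moves, line clears, colours
# and OSC tricks. (Example's own regex, not the upstream fix.)
CONTROL_CHAR_RE = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/

# Replace every control character with a visible placeholder.
def clean_text(text)
  text.gsub(CONTROL_CHAR_RE, '.')
end

# Stand-in for the vulnerable pattern: verbose() hands the message straight
# to say(), which writes it to the terminal byte for byte.
class UnsafeUI
  def initialize(out)
    @out = out
  end

  def say(msg)
    @out.puts msg
  end

  def verbose(msg)
    say msg # no escaping: attacker-controlled text reaches the terminal
  end
end

# Hardened variant: sanitise before printing.
class SafeUI < UnsafeUI
  def verbose(msg)
    say clean_text(msg)
  end
end

# Constructed sample (not a real gem): a name carrying ANSI sequences.
# \e[2K clears the current line and \e[1A moves the cursor up one line, so a
# terminal rendering the raw string overwrites the previous line with the
# fake "Successfully installed" message.
MALICIOUS_NAME = "evil-gem\e[2K\e[1A\e[2KSuccessfully installed trusted-gem 1.0.0"

# Render one verbose message through the given UI class into a buffer.
def render(ui_class, name)
  buf = StringIO.new
  ui_class.new(buf).verbose("Installing #{name}")
  buf.string
end

# True if the rendered output still contains raw control characters.
def contains_escape?(s)
  s.match?(CONTROL_CHAR_RE)
end

if __FILE__ == $0
  puts render(UnsafeUI, MALICIOUS_NAME).inspect # raw \e bytes pass through
  puts render(SafeUI, MALICIOUS_NAME).inspect   # control bytes become "."
end
```

Inspecting the two outputs with String#inspect (rather than printing them raw) is the safe way to check for this bug in a terminal: the vulnerable path still contains "\e" bytes, the hardened one does not. Any user-facing logger that interpolates remote data should get the same treatment.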

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

https://hackerone.com/reports/317330

https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html

Details

Source: MITRE

Published: 2019-06-17

Updated: 2020-08-19

Type: CWE-88

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins (14 total)

ID      Severity  Product  Family                              Name
139628  high      Nessus   Debian Local Security Checks        Debian DLA-2330-1 : jruby security update
137897  medium    Nessus   Red Hat Local Security Checks       RHEL 7 : ruby (RHSA-2020:2769)
137599  high      Nessus   SuSE Local Security Checks          SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1)
135605  high      Nessus   Huawei Local Security Checks        EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2020-1443)
128935  medium    Nessus   Huawei Local Security Checks        EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1932)
128818  medium    Nessus   Huawei Local Security Checks        EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1895)
127811  high      Nessus   Amazon Linux Local Security Checks  Amazon Linux AMI : ruby20 / ruby21 / ruby24 (ALAS-2019-1255)
126904  high      Nessus   SuSE Local Security Checks          openSUSE Security Update : ruby-bundled-gems-rpmhelper / ruby2.5 (openSUSE-2019-1771)
126617  high      Nessus   SuSE Local Security Checks          SUSE SLED15 / SLES15 Security Update : ruby-bundled-gems-rpmhelper, ruby2.5 (SUSE-SU-2019:1804-1)
125297  high      Nessus   Debian Local Security Checks        Debian DLA-1796-1 : jruby security update
124728  high      Nessus   Fedora Local Security Checks        Fedora 28 : ruby (2019-feac6674b7)
124574  high      Nessus   Fedora Local Security Checks        Fedora 29 : ruby (2019-a155364f3c)
124096  high      Nessus   Debian Local Security Checks        Debian DSA-4433-1 : ruby2.3 - security update
122883  high      Nessus   FreeBSD Local Security Checks       FreeBSD : RubyGems -- multiple vulnerabilities (27b12d04-4722-11e9-8b7c-b5e01141761f)