CVE-2019-8322high
Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
https://hackerone.com/reports/315087
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
Details
Source: MITRE
Published: 2019-06-17
Updated: 2020-08-19
Type: CWE-74
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH