CVE-2019-8323

MEDIUM

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

https://hackerone.com/reports/315081

https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html

Details

Source: MITRE

Published: 2019-06-17

Updated: 2020-08-19

Type: CWE-74

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 139628 | Debian DLA-2330-1 : jruby security update | Nessus | Debian Local Security Checks | high |
| 137897 | RHEL 7 : ruby (RHSA-2020:2769) | Nessus | Red Hat Local Security Checks | medium |
| 137599 | SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1) | Nessus | SuSE Local Security Checks | high |
| 127811 | Amazon Linux AMI : ruby20 / ruby21,ruby24 (ALAS-2019-1255) | Nessus | Amazon Linux Local Security Checks | high |
| 127299 | NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0084) | Nessus | NewStart CGSL Local Security Checks | medium |
| 127292 | NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0080) | Nessus | NewStart CGSL Local Security Checks | medium |
| 126961 | Amazon Linux 2 : ruby (ALAS-2019-1249) | Nessus | Amazon Linux Local Security Checks | medium |
| 126904 | openSUSE Security Update : ruby-bundled-gems-rpmhelper / ruby2.5 (openSUSE-2019-1771) | Nessus | SuSE Local Security Checks | high |
| 126846 | EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-1718) | Nessus | Huawei Local Security Checks | high |
| 126617 | SUSE SLED15 / SLES15 Security Update : ruby-bundled-gems-rpmhelper, ruby2.5 (SUSE-SU-2019:1804-1) | Nessus | SuSE Local Security Checks | high |
| 125569 | EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617) | Nessus | Huawei Local Security Checks | high |
| 125524 | EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1597) | Nessus | Huawei Local Security Checks | medium |
| 125316 | CentOS 7 : ruby (CESA-2019:1235) | Nessus | CentOS Local Security Checks | medium |
| 125297 | Debian DLA-1796-1 : jruby security update | Nessus | Debian Local Security Checks | high |
| 125208 | Scientific Linux Security Update : ruby on SL7.x x86_64 (20190515) | Nessus | Scientific Linux Local Security Checks | medium |
| 125201 | RHEL 7 : ruby (RHSA-2019:1235) | Nessus | Red Hat Local Security Checks | medium |
| 125191 | Oracle Linux 7 : ruby (ELSA-2019-1235) | Nessus | Oracle Linux Local Security Checks | medium |
| 124728 | Fedora 28 : ruby (2019-feac6674b7) | Nessus | Fedora Local Security Checks | high |
| 124574 | Fedora 29 : ruby (2019-a155364f3c) | Nessus | Fedora Local Security Checks | high |
| 124096 | Debian DSA-4433-1 : ruby2.3 - security update | Nessus | Debian Local Security Checks | high |
| 123522 | Debian DLA-1735-1 : ruby2.1 security update | Nessus | Debian Local Security Checks | high |
| 122883 | FreeBSD : RubyGems -- multiple vulnerabilities (27b12d04-4722-11e9-8b7c-b5e01141761f) | Nessus | FreeBSD Local Security Checks | high |