SCA: security update for rubygems-update (GHSA-mh37-8c3g-3fgc)

high Tenable Cloud Security Plugin ID 423290

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the
contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence
injection may occur. (CVE-2019-8322)

See Also

https://github.com/advisories/GHSA-mh37-8c3g-3fgc

Plugin Details

Severity: High

ID: 423290

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 3/29/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2019-8322

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2019

Vulnerability Publication Date: 4/23/2019

Reference Information

CVE: CVE-2019-8322

cwe: CWE-74