Vulnerability CVE-2017-0901 - Russian Vulnerability Scanner Database

Description

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

Tags · CWE

Pre-auth

CWE-138

CWE-22

CAPEC-15

CAPEC-34

CAPEC-64

CAPEC-76

CAPEC-78

CAPEC-79

CAPEC-105

CAPEC-126

Affected products

JrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyJrubyRh-ruby22-rubyRh-ruby22-rubyRh-ruby22-rubyRh-ruby22-ruby

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Timeline

2017-01-01

Published

2017-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: H

High (H)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.294 · p97

Known exploited (KEV)

No

Known exploits — Сканер-ВС

42611

exploitdb · https://www.exploit-db.com/exploits/42611

Enterprise

Affected products

Product	Vendor	Status
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
jruby		Tracked
rh-ruby22-ruby		Tracked
rh-ruby22-ruby		Tracked
rh-ruby22-ruby		Tracked
rh-ruby22-ruby		Tracked

Showing first 20 of 50

Source databases

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2018-00026

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any …