CVE-2019-8325
AST
Medium


CVSS: 5.3 (Medium)
EPSS: 0.03 (p87)
Published: 2019-01-01
Updated: 2019-01-01
Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)

Tags · CWE
Pre-auth
CWE-74
CWE-88
CAPEC-3
CAPEC-6
CAPEC-7
CAPEC-8
CAPEC-9
CAPEC-10
CAPEC-13
CAPEC-14
CAPEC-24
CAPEC-28
CAPEC-34
CAPEC-41
CAPEC-42
CAPEC-43
CAPEC-45
CAPEC-46
CAPEC-47
CAPEC-51
CAPEC-52
CAPEC-53
CAPEC-64
CAPEC-67
CAPEC-71
CAPEC-72
CAPEC-76
CAPEC-78
CAPEC-79
CAPEC-80
CAPEC-83
CAPEC-84
CAPEC-88
CAPEC-101
CAPEC-105
CAPEC-108
CAPEC-120
CAPEC-135
CAPEC-137
CAPEC-174
CAPEC-250
CAPEC-267
CAPEC-273
CAPEC-460
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Timeline
Published: 2019-01-01
Updated: 2019-01-01
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): None (N)
Integrity Impact (I): Low (L)
Availability Impact (A): None (N)
Exploit indicators
EPSS: 0.034 · p87
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
cfmeTracked
cfme-amazon-smartstateTracked
cfme-applianceTracked
cfme-gemsetTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
jrubyTracked
Showing first 20 of 52
Source databases
AST
DEB
CVE
RED
UBU