CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html Mailing List Third Party Advisory
https://hackerone.com/reports/315087 Permissions Required Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-17 20:15

Updated : 2024-02-04 20:20


NVD link : CVE-2019-8322

Mitre link : CVE-2019-8322

CVE.ORG link : CVE-2019-8322


JSON object : View

Products Affected

opensuse

  • leap

debian

  • debian_linux

rubygems

  • rubygems
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')