GHSA-49jx-9cmc-xjxm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-49jx-9cmc-xjxm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-49jx-9cmc-xjxm/GHSA-49jx-9cmc-xjxm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-49jx-9cmc-xjxm
- Aliases
-
- CVE-2013-0334
- Published
- 2022-05-05T02:48:48Z
- Modified
- 2024-12-06T05:31:01.084668Z
- Summary
- Bundler may install gems from a different source than expected
- Details
-
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
- Database specific
{ "nvd_published_at": "2014-10-31T14:55:00Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-20" ], "github_reviewed_at": "2023-03-20T19:50:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-0334
- https://github.com/rubygems/bundler
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2013-0334.yml
- https://security.gentoo.org/glsa/201609-02
- https://web.archive.org/web/20210122060358/https://www.securityfocus.com/bid/70099
- http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00092.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Affected packages
RubyGems / bundler
Package
- Name
- bundler
- Purl
- pkg:gem/bundler
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.0
Affected versions
0.*
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0
0.6.0
0.7.0
0.7.1
0.7.2
0.7.3.pre
0.7.3.pre2
0.8.0
0.8.1
0.9.0.pre1
0.9.0.pre2
0.9.0.pre3
0.9.0.pre4
0.9.0.pre5
0.9.0
0.9.1.pre1
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.16
0.9.17
0.9.18
0.9.19
0.9.20
0.9.21
0.9.22
0.9.23
0.9.24
0.9.25
0.9.26
1.*
1.0.0.beta.1
1.0.0.beta.2
1.0.0.beta.3
1.0.0.beta.4
1.0.0.beta.5
1.0.0.beta.8
1.0.0.beta.9
1.0.0.beta.10
1.0.0.rc.1
1.0.0.rc.2
1.0.0.rc.3
1.0.0.rc.5
1.0.0.rc.6
1.0.0
1.0.2
1.0.3
1.0.5
1.0.7
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.17
1.0.18
1.0.19.rc
1.0.20.rc
1.0.20
1.0.21.rc
1.0.21
1.0.22
1.1.pre
1.1.pre.1
1.1.pre.2
1.1.pre.3
1.1.pre.4
1.1.pre.5
1.1.pre.7
1.1.pre.8
1.1.pre.9
1.1.pre.10
1.1.rc
1.1.rc.2
1.1.rc.3
1.1.rc.5
1.1.rc.6
1.1.rc.7
1.1.rc.8
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0.pre
1.2.0.pre.1
1.2.0.rc
1.2.0.rc.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0.pre
1.3.0.pre.2
1.3.0.pre.3
1.3.0.pre.4
1.3.0.pre.5
1.3.0.pre.6
1.3.0.pre.7
1.3.0.pre.8
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0.pre.1
1.4.0.pre.2
1.4.0.rc.1
1.5.0.rc.1
1.5.0.rc.2
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0.pre.1
1.6.0.pre.2
1.6.0.rc
1.6.0.rc2
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9