GHSA-mh37-8c3g-3fgc

Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-mh37-8c3g-3fgc/GHSA-mh37-8c3g-3fgc.json
Published: 2019-06-20T16:06:00Z
Modified: 2022-11-22T01:04:04.126604Z
Details

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

Affected packages

RubyGems / rubygems-update

Affected ranges

Type: ECOSYSTEM
Events: Introduced 2.6.0, Fixed 2.7.9

Affected versions

2.*

2.6.0
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.4.pre1
2.7.5
2.7.6
2.7.7
2.7.8

RubyGems / rubygems-update

Affected ranges

Type: ECOSYSTEM
Events: Introduced 3.0.0, Fixed 3.0.2

Affected versions

3.*

3.0.0
3.0.1