Home

CVE-2019-8321

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.332

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Ruby-rubygems-update 2.7.9Windows
Vulnerabilities CVE-2019-8325,CVE-2019-8324,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323 are fixed in Ruby-rubygems-update 3.0.2Windows
ruby2.3 security update(DSA-4433-1) ruby2.3_2.3.3-1+deb9u6_i386.debLinux
ruby2.3 security update(DSA-4433-1) ruby2.3_2.3.3-1+deb9u6_amd64.debLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
Ruby update (ELSA-2019-1235) ruby-2.0.0.648-35.el7_6.x86_64.rpmLinux
Ruby-devel update (ELSA-2019-1235) ruby-devel-2.0.0.648-35.el7_6.x86_64.rpmLinux
Ruby-libs update (ELSA-2019-1235) ruby-libs-2.0.0.648-35.el7_6.x86_64.rpmLinux
Ruby-tcltk update (ELSA-2019-1235) ruby-tcltk-2.0.0.648-35.el7_6.x86_64.rpmLinux
Rubygem-bigdecimal update (ELSA-2019-1235) rubygem-bigdecimal-1.2.0-35.el7_6.x86_64.rpmLinux
Rubygem-io-console update (ELSA-2019-1235) rubygem-io-console-0.4.2-35.el7_6.x86_64.rpmLinux
Rubygem-json update (ELSA-2019-1235) rubygem-json-1.7.7-35.el7_6.x86_64.rpmLinux
Rubygem-psych update (ELSA-2019-1235) rubygem-psych-2.0.0-35.el7_6.x86_64.rpmLinux
Ruby-doc update (ELSA-2019-1235) ruby-doc-2.0.0.648-35.el7_6.noarch.rpmLinux
Ruby-irb update (ELSA-2019-1235) ruby-irb-2.0.0.648-35.el7_6.noarch.rpmLinux
Rubygem-minitest update (ELSA-2019-1235) rubygem-minitest-4.3.2-35.el7_6.noarch.rpmLinux
Rubygem-rake update (ELSA-2019-1235) rubygem-rake-0.9.6-35.el7_6.noarch.rpmLinux
Rubygem-rdoc update (ELSA-2019-1235) rubygem-rdoc-4.0.0-35.el7_6.noarch.rpmLinux
Rubygems update (ELSA-2019-1235) rubygems-2.0.14.1-35.el7_6.noarch.rpmLinux
Rubygems-devel update (ELSA-2019-1235) rubygems-devel-2.0.14.1-35.el7_6.noarch.rpmLinux
Ruby-libs update (ELSA-2019-1235) ruby-libs-2.0.0.648-35.el7_6.i686.rpmLinux
Ruby update (ELSA-2019-2028) ruby-2.0.0.648-36.el7.x86_64.rpmLinux
Ruby-irb update (ELSA-2019-2028) ruby-irb-2.0.0.648-36.el7.noarch.rpmLinux
Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.i686.rpmLinux
Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.x86_64.rpmLinux
Rubygem-bigdecimal update (ELSA-2019-2028) rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpmLinux
Rubygem-io-console update (ELSA-2019-2028) rubygem-io-console-0.4.2-36.el7.x86_64.rpmLinux
Rubygem-json update (ELSA-2019-2028) rubygem-json-1.7.7-36.el7.x86_64.rpmLinux
Rubygem-psych update (ELSA-2019-2028) rubygem-psych-2.0.0-36.el7.x86_64.rpmLinux
Rubygem-rdoc update (ELSA-2019-2028) rubygem-rdoc-4.0.0-36.el7.noarch.rpmLinux
Rubygems update (ELSA-2019-2028) rubygems-2.0.14.1-36.el7.noarch.rpmLinux
Multiple vulnerabilities are fixed in Ruby-rubygems-update for Linux 2.7.9Linux
Vulnerabilities CVE-2019-8325,CVE-2019-8324,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323 are fixed in Ruby-rubygems-update for Linux 3.0.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234