Home

CVE-2019-8323

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.332

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Ruby-rubygems-update 2.7.9Windows
Vulnerabilities CVE-2019-8325,CVE-2019-8324,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323 are fixed in Ruby-rubygems-update 3.0.2Windows
ruby2.3 security update(DSA-4433-1) ruby2.3_2.3.3-1+deb9u6_i386.debLinux
ruby2.3 security update(DSA-4433-1) ruby2.3_2.3.3-1+deb9u6_amd64.debLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
Ruby update (ELSA-2019-2028) ruby-2.0.0.648-36.el7.x86_64.rpmLinux
Ruby-irb update (ELSA-2019-2028) ruby-irb-2.0.0.648-36.el7.noarch.rpmLinux
Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.i686.rpmLinux
Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.x86_64.rpmLinux
Rubygem-bigdecimal update (ELSA-2019-2028) rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpmLinux
Rubygem-io-console update (ELSA-2019-2028) rubygem-io-console-0.4.2-36.el7.x86_64.rpmLinux
Rubygem-json update (ELSA-2019-2028) rubygem-json-1.7.7-36.el7.x86_64.rpmLinux
Rubygem-psych update (ELSA-2019-2028) rubygem-psych-2.0.0-36.el7.x86_64.rpmLinux
Rubygem-rdoc update (ELSA-2019-2028) rubygem-rdoc-4.0.0-36.el7.noarch.rpmLinux
Rubygems update (ELSA-2019-2028) rubygems-2.0.14.1-36.el7.noarch.rpmLinux
Multiple vulnerabilities are fixed in Ruby-rubygems-update for Linux 2.7.9Linux
Vulnerabilities CVE-2019-8325,CVE-2019-8324,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323 are fixed in Ruby-rubygems-update for Linux 3.0.2Linux
Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability (CVE-2019-8323)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234