CVE-2019-8324
Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.511
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Ruby-rubygems-update 2.7.9 | Windows |
| Vulnerabilities CVE-2019-8325,CVE-2019-8324,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323 are fixed in Ruby-rubygems-update 3.0.2 | Windows |
| ruby2.3 security update(DSA-4433-1) ruby2.3_2.3.3-1+deb9u6_i386.deb | Linux |
| ruby2.3 security update(DSA-4433-1) ruby2.3_2.3.3-1+deb9u6_amd64.deb | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-2.5.3-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-2.5.3-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-debugsource-2.5.3-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-debugsource-2.5.3-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-devel-2.5.3-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-devel-2.5.3-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-doc-2.5.3-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-irb-2.5.3-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-libs-2.5.3-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update ruby-libs-2.5.3-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-abrt-0.3.0-4.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-abrt-doc-0.3.0-4.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bigdecimal-1.3.4-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bigdecimal-1.3.4-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bson-4.3.0-2.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bson-debugsource-4.3.0-2.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bson-doc-4.3.0-2.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bundler-1.16.1-3.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-bundler-doc-1.16.1-3.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-did_you_mean-1.2.0-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-io-console-0.4.6-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-io-console-0.4.6-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-json-2.1.0-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-json-2.1.0-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-minitest-5.10.3-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-mongo-2.5.1-2.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-mongo-doc-2.5.1-2.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-mysql2-0.4.10-4.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-mysql2-debugsource-0.4.10-4.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-mysql2-doc-0.4.10-4.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-net-telnet-0.1.1-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-openssl-2.1.2-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-openssl-2.1.2-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-pg-1.0.0-2.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-pg-debugsource-1.0.0-2.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-pg-doc-1.0.0-2.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-power_assert-1.1.1-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-psych-3.0.2-104.module+el8.0.0+3250+4b7d6d43.i686.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-psych-3.0.2-104.module+el8.0.0+3250+4b7d6d43.x86_64.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-rake-12.3.0-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-rdoc-6.0.1-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-test-unit-3.2.7-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygem-xmlrpc-0.3.0-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygems-2.7.6-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| (RHSA-2019:1972) ruby:2.5 security update rubygems-devel-2.7.6-104.module+el8.0.0+3250+4b7d6d43.noarch.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpm | Linux |
| Ruby update (ELSA-2019-1972) ruby-2.5.3-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Ruby-devel update (ELSA-2019-1972) ruby-devel-2.5.3-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Ruby-libs update (ELSA-2019-1972) ruby-libs-2.5.3-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2019-1972) rubygem-bigdecimal-1.3.4-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-bson update (ELSA-2019-1972) rubygem-bson-4.3.0-2.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-io-console update (ELSA-2019-1972) rubygem-io-console-0.4.6-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-json update (ELSA-2019-1972) rubygem-json-2.1.0-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-mysql2 update (ELSA-2019-1972) rubygem-mysql2-0.4.10-4.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-openssl update (ELSA-2019-1972) rubygem-openssl-2.1.2-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-pg update (ELSA-2019-1972) rubygem-pg-1.0.0-2.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Rubygem-psych update (ELSA-2019-1972) rubygem-psych-3.0.2-104.module+el8.0.0+5238+4f9ac61b.x86_64.rpm | Linux |
| Ruby-doc update (ELSA-2019-1972) ruby-doc-2.5.3-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Ruby-irb update (ELSA-2019-1972) ruby-irb-2.5.3-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-abrt update (ELSA-2019-1972) rubygem-abrt-0.3.0-4.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-abrt-doc update (ELSA-2019-1972) rubygem-abrt-doc-0.3.0-4.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-bson-doc update (ELSA-2019-1972) rubygem-bson-doc-4.3.0-2.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-bundler update (ELSA-2019-1972) rubygem-bundler-1.16.1-3.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-bundler-doc update (ELSA-2019-1972) rubygem-bundler-doc-1.16.1-3.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-did_you_mean update (ELSA-2019-1972) rubygem-did_you_mean-1.2.0-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-minitest update (ELSA-2019-1972) rubygem-minitest-5.10.3-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-mongo update (ELSA-2019-1972) rubygem-mongo-2.5.1-2.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-mongo-doc update (ELSA-2019-1972) rubygem-mongo-doc-2.5.1-2.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-mysql2-doc update (ELSA-2019-1972) rubygem-mysql2-doc-0.4.10-4.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-net-telnet update (ELSA-2019-1972) rubygem-net-telnet-0.1.1-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-pg-doc update (ELSA-2019-1972) rubygem-pg-doc-1.0.0-2.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-power_assert update (ELSA-2019-1972) rubygem-power_assert-1.1.1-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-rake update (ELSA-2019-1972) rubygem-rake-12.3.0-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-rdoc update (ELSA-2019-1972) rubygem-rdoc-6.0.1-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-test-unit update (ELSA-2019-1972) rubygem-test-unit-3.2.7-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygem-xmlrpc update (ELSA-2019-1972) rubygem-xmlrpc-0.3.0-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygems update (ELSA-2019-1972) rubygems-2.7.6-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Rubygems-devel update (ELSA-2019-1972) rubygems-devel-2.7.6-104.module+el8.0.0+5238+4f9ac61b.noarch.rpm | Linux |
| Ruby update (ELSA-2019-1972) ruby-2.5.3-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Ruby-devel update (ELSA-2019-1972) ruby-devel-2.5.3-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Ruby-libs update (ELSA-2019-1972) ruby-libs-2.5.3-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2019-1972) rubygem-bigdecimal-1.3.4-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Rubygem-io-console update (ELSA-2019-1972) rubygem-io-console-0.4.6-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Rubygem-json update (ELSA-2019-1972) rubygem-json-2.1.0-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Rubygem-openssl update (ELSA-2019-1972) rubygem-openssl-2.1.2-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Rubygem-psych update (ELSA-2019-1972) rubygem-psych-3.0.2-104.module+el8.0.0+5238+4f9ac61b.i686.rpm | Linux |
| Ruby update (ELSA-2019-2028) ruby-2.0.0.648-36.el7.x86_64.rpm | Linux |
| Ruby-irb update (ELSA-2019-2028) ruby-irb-2.0.0.648-36.el7.noarch.rpm | Linux |
| Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.i686.rpm | Linux |
| Ruby-libs update (ELSA-2019-2028) ruby-libs-2.0.0.648-36.el7.x86_64.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2019-2028) rubygem-bigdecimal-1.2.0-36.el7.x86_64.rpm | Linux |
| Rubygem-io-console update (ELSA-2019-2028) rubygem-io-console-0.4.2-36.el7.x86_64.rpm | Linux |
| Rubygem-json update (ELSA-2019-2028) rubygem-json-1.7.7-36.el7.x86_64.rpm | Linux |
| Rubygem-psych update (ELSA-2019-2028) rubygem-psych-2.0.0-36.el7.x86_64.rpm | Linux |
| Rubygem-rdoc update (ELSA-2019-2028) rubygem-rdoc-4.0.0-36.el7.noarch.rpm | Linux |
| Rubygems update (ELSA-2019-2028) rubygems-2.0.14.1-36.el7.noarch.rpm | Linux |
| Multiple vulnerabilities are fixed in Ruby-rubygems-update for Linux 2.7.9 | Linux |
| Vulnerabilities CVE-2019-8325,CVE-2019-8324,CVE-2019-8321,CVE-2019-8322,CVE-2019-8323 are fixed in Ruby-rubygems-update for Linux 3.0.2 | Linux |
| Improper Control of Generation of Code (Code Injection) Vulnerability (CVE-2019-8324) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234