-
Notifications
You must be signed in to change notification settings - Fork 289
/
GHSA-3h4r-pjv6-cph9.json
92 lines (92 loc) · 2.21 KB
/
GHSA-3h4r-pjv6-cph9.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
{
"schema_version": "1.4.0",
"id": "GHSA-3h4r-pjv6-cph9",
"modified": "2023-08-28T13:23:44Z",
"published": "2019-06-20T16:05:57Z",
"aliases": [
"CVE-2019-8323"
],
"summary": "RubyGems Escape sequence injection vulnerability in api response handling",
"details": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.7.9"
}
]
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.2"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8323"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/315081"
},
{
"type": "WEB",
"url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8323.yml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
}
],
"database_specific": {
"cwe_ids": [
"CWE-74"
],
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2019-06-20T15:59:33Z",
"nvd_published_at": null
}
}