vulnerability

Alma Linux: CVE-2019-8324: Important: ruby:2.5 security update (ALSA-2019-1972)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jun 17, 2019	May 13, 2022	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jun 17, 2019

Added

May 13, 2022

Modified

Aug 11, 2025

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

Solutions

alma-upgrade-rubygem-abrtalma-upgrade-rubygem-abrt-docalma-upgrade-rubygem-bsonalma-upgrade-rubygem-bson-docalma-upgrade-rubygem-mongoalma-upgrade-rubygem-mongo-docalma-upgrade-rubygem-mysql2alma-upgrade-rubygem-mysql2-docalma-upgrade-rubygem-pgalma-upgrade-rubygem-pg-doc

References

CVE-2019-8324
https://attackerkb.com/topics/CVE-2019-8324
CWE-94
URL-https://errata.almalinux.org/8/ALSA-2019-1972.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today