FreeBSD: VID-27B12D04-4722-11E9-8B7C-B5E01141761F (CVE-2019-8322): RubyGems -- multiple vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | 03/05/2019 | 03/16/2019 | 06/20/2019 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-27B12D04-4722-11E9-8B7C-B5E01141761F:
RubyGems Security Advisories:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in 'verbose'
CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner'
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Solution(s)
References
