vulnerability

FreeBSD: VID-27b12d04-4722-11e9-8b7c-b5e01141761f (CVE-2019-8324): RubyGems -- multiple vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Mar 15, 2019

Added

Mar 16, 2019

Modified

Jun 15, 2026

Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

Solutions

freebsd-upgrade-package-ruby23-gemsfreebsd-upgrade-package-ruby24-gemsfreebsd-upgrade-package-ruby25-gems

References

CVE-2019-8324
https://attackerkb.com/topics/CVE-2019-8324
CWE-94
EUVD-EUVD-2019-0514
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-0514

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report