CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

References

Affected packages

Git / github.com/ruby/rubygems

Affected ranges

Type: GIT
Repo: https://github.com/ruby/rubygems
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1bcbc7fe637b03145401ec9c094066285934a7f1

Fixed

ef0aa611effb5f54d40c7fba6e8235eb43c5a491

Affected versions

v1.*

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.8.0

v1.8.1

v1.8.2

v2.*

v2.0.0

v2.0.0.preview2

v2.0.0.preview2.1

v2.0.0.preview2.2

v2.0.0.rc.1

v2.0.0.rc.2

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.0.rc.1

v2.1.0.rc.2

v2.1.1

v2.1.2

v2.1.3

v2.2.0.preview.1

v2.2.0.rc.1

v2.2.1

v2.3.0

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0899.json"

Git / github.com/rubygems/rubygems

Affected ranges

Type: GIT
Repo: https://github.com/rubygems/rubygems
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0899.json"