CVE-2019-3881
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-3881
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3881.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-3881
- Aliases
- Related
- Published
- 2020-09-04T12:15:10Z
- Modified
- 2024-09-03T04:16:40.913863Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
- References
Affected packages
Git / github.com/bundler/bundler
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bundler/bundler
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/rubygems/rubygems
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.16
0.9.17
0.9.18
0.9.19
0.9.20
0.9.21
0.9.22
0.9.23
0.9.24
0.9.25
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
1.*
1.0.0
1.0.0.beta.1
1.0.0.beta.10
1.0.0.beta.2
1.0.0.beta.3
1.0.0.beta.4
1.0.0.beta.5
1.0.0.beta.6
1.0.0.beta.7
1.0.0.beta.8
1.0.0.beta.9
1.0.0.rc.1
1.0.0.rc.2
1.0.0.rc.3
1.0.0.rc.4
1.0.0.rc.5
1.0.0.rc.6
v0.*
v0.9.0
v0.9.0.pre3
v0.9.0.pre4
v0.9.0.pre5
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19.rc
v1.0.2
v1.0.20
v1.0.20.rc
v1.0.21
v1.0.21.rc
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.5
v1.1.pre
v1.1.pre.1
v1.1.pre.10
v1.1.pre.2
v1.1.pre.3
v1.1.pre.4
v1.1.pre.5
v1.1.pre.6
v1.1.pre.7
v1.1.pre.8
v1.1.pre.9
v1.1.rc
v1.1.rc.2
v1.1.rc.3
v1.1.rc.4
v1.1.rc.5
v1.1.rc.6
v1.1.rc.7
v1.1.rc.8
v1.10.0
v1.10.0.pre
v1.10.0.pre.1
v1.10.0.pre.2
v1.10.0.rc
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.11.0
v1.11.0.pre.1
v1.11.0.pre.2
v1.11.1
v1.11.2
v1.12.0
v1.12.0.pre.1
v1.12.0.pre.2
v1.12.0.rc
v1.12.0.rc.2
v1.12.0.rc.3
v1.12.0.rc.4
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.13.0
v1.13.0.pre.1
v1.13.0.rc.1
v1.13.0.rc.2
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.14.0
v1.14.0.pre.1
v1.14.0.pre.2
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.15.0
v1.15.0.pre.1
v1.15.0.pre.2
v1.15.0.pre.3
v1.15.0.pre.4
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.16.0
v1.16.0.pre.1
v1.16.0.pre.2
v1.16.0.pre.3
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.17.0
v1.17.0.pre.2
v1.17.1
v1.17.2
v1.17.3
v1.2.0
v1.2.0.pre
v1.2.0.pre.1
v1.2.0.rc
v1.2.0.rc.2
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0
v1.3.0.pre
v1.3.0.pre.2
v1.3.0.pre.3
v1.3.0.pre.4
v1.3.0.pre.5
v1.3.0.pre.6
v1.3.0.pre.7
v1.3.0.pre.8
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.4.0.pre.1
v1.4.0.pre.2
v1.4.0.rc.1
v1.5.0
v1.5.0.rc.1
v1.5.0.rc.2
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.0.pre.1
v1.6.0.pre.2
v1.6.0.rc
v1.6.0.rc2
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.1.pre
v1.7.1.pre.2
v1.7.1.pre.3
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.0.pre
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v1.9.0
v1.9.0.pre
v1.9.0.pre.1
v1.9.0.rc
v1.9.1
v1.9.10
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
v2.*
v2.0.0
v2.0.0.pre.2
v2.0.0.pre.3
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0.pre.1
v2.1.0.pre.2
v2.1.0.pre.3
v2.1.0.rc.1
v2.1.0.rc.2