CVE-2019-8321
- Source
- https://cve.org/CVERecord?id=CVE-2019-8321
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8321.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-8321
- Aliases
- Downstream
- Related
- Published
- 2019-06-17T20:15:10.307Z
- Modified
- 2026-05-28T04:05:19.788749070Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "introduced": "2.6.0" }, { "last_affected": "3.0.2" } ], "cpes": [ "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*" ], "source": "CPE_RANGE", "vendor_product": "rubygems:rubygems" }, { "extracted_events": [ { "last_affected": "9.0" } ], "source": "CPE_STRING", "vendor_product": "debian:debian_linux", "cpes": [ "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ], "vendor_product": "opensuse:leap", "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ], "source": "CPE_STRING" } ] }- References
Affected packages
Git / github.com/ruby/rubygems
Affected versions
v1.*
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v3.*
v3.0.0
v3.0.0.beta1
v3.0.0.beta3
v3.0.1