CVE-2019-8322

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-8322

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8322.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-8322

Aliases

GHSA-mh37-8c3g-3fgc

Related

Published

2019-06-17T20:15:10Z

Modified

2024-09-11T04:32:25.417824Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

References

Affected packages

Alpine:v3.6 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.6-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.2-r0

2.4.3-r0

2.4.4-r0

2.4.5-r0

Alpine:v3.7 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.6-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.4.4-r0

2.4.5-r0

Alpine:v3.8 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.5-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

Alpine:v3.9 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.5-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

Debian:12 / jruby

Package

Name: jruby
Purl: pkg:deb/debian/jruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.17.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jruby

Package

Name: jruby
Purl: pkg:deb/debian/jruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.17.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / rubygems

Package

Name: rubygems
Purl: pkg:deb/debian/rubygems?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0~rc.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rubygems

Package

Name: rubygems
Purl: pkg:deb/debian/rubygems?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0~rc.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rubygems

Package

Name: rubygems
Purl: pkg:deb/debian/rubygems?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.0~rc.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rubygems/rubygems

Affected ranges

Type: GIT
Repo: https://github.com/rubygems/rubygems
Events: Introduced

4bfc34cb00f3be715d811bf9106e01a4893fbf92

Last affected

d5ddf07a88a89c34339b268533de594990f7170b

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.13

v2.6.14

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v3.*

v3.0.0

v3.0.0.beta1

v3.0.0.beta3

v3.0.1

v3.0.2