CVE-2019-8322
- Source
- https://cve.org/CVERecord?id=CVE-2019-8322
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8322.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-8322
- Aliases
- Downstream
- Related
- Published
- 2019-06-17T20:15:10.353Z
- Modified
- 2026-05-28T04:05:19.685980530Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*" ], "vendor_product": "rubygems:rubygems", "source": "CPE_RANGE", "extracted_events": [ { "introduced": "2.6.0" }, { "last_affected": "3.0.2" } ] }, { "cpes": [ "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "vendor_product": "debian:debian_linux", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "9.0" } ] }, { "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ], "vendor_product": "opensuse:leap", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ] } ] }- References
Affected packages
Git / github.com/ruby/rubygems
Affected versions
v1.*
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v3.*
v3.0.0
v3.0.0.beta1
v3.0.0.beta3
v3.0.1