CVE-2019-8323
- Source
- https://cve.org/CVERecord?id=CVE-2019-8323
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8323.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-8323
- Aliases
- Downstream
- Related
- Published
- 2019-06-17T20:15:10.400Z
- Modified
- 2026-06-18T03:56:34.791263174Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
- Database specific
{ "unresolved_ranges": [ { "vendor_product": "rubygems:rubygems", "extracted_events": [ { "introduced": "2.6.0" }, { "last_affected": "3.0.2" } ], "cpes": [ "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*" ], "source": "CPE_RANGE" }, { "vendor_product": "debian:debian_linux", "extracted_events": [ { "last_affected": "9.0" } ], "cpes": [ "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING" }, { "vendor_product": "opensuse:leap", "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ], "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ], "source": "CPE_STRING" } ] }- References
Affected packages
Git / github.com/ruby/rubygems
Affected versions
v1.*
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v3.*
v3.0.0
v3.0.0.beta1
v3.0.0.beta3
v3.0.1