CVE-2019-8324

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-8324
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8324.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-8324
Aliases
Downstream
Related
Published
2019-06-17T19:15:11.843Z
Modified
2026-05-28T04:05:19.728106348Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "rubygems:rubygems",
            "extracted_events": [
                {
                    "introduced": "2.6.0"
                },
                {
                    "last_affected": "3.0.2"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "opensuse:leap",
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "15.1"
                }
            ],
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:enterprise_linux",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/ruby/rubygems

Affected ranges

Type
GIT
Repo
https://github.com/ruby/rubygems
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d5ddf07a88a89c34339b268533de594990f7170b
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.2"
        }
    ],
    "source": "DESCRIPTION"
}

Affected versions

v1.*
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v3.*
v3.0.0
v3.0.0.beta1
v3.0.0.beta3
v3.0.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8324.json"