CVE-2019-8325
- Source
- https://cve.org/CVERecord?id=CVE-2019-8325
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8325.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-8325
- Aliases
- Downstream
- Related
- Published
- 2019-06-17T19:15:11.890Z
- Modified
- 2026-05-28T04:05:19.686301297Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*" ], "vendor_product": "rubygems:rubygems", "source": "CPE_RANGE", "extracted_events": [ { "introduced": "2.6.0" }, { "last_affected": "3.0.2" } ] }, { "cpes": [ "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "vendor_product": "debian:debian_linux", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "9.0" } ] }, { "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "15.1" } ], "vendor_product": "opensuse:leap", "source": "CPE_STRING", "cpes": [ "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ] } ] }- References
Affected packages
Git / github.com/ruby/rubygems
Affected versions
v1.*
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v3.*
v3.0.0
v3.0.0.beta1
v3.0.0.beta3
v3.0.1