UBUNTU-CVE-2019-8322
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2019-8322
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-8322.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-8322
- Related
- Published
- 2019-03-27T00:00:00Z
- Modified
- 2019-03-27T00:00:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
- References
-
- https://ubuntu.com/security/CVE-2019-8322
- https://bugs.ruby-lang.org/attachments/7669
- https://bugs.ruby-lang.org/attachments/7670
- https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
- https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
- https://ubuntu.com/security/notices/USN-3945-1
- https://www.cve.org/CVERecord?id=CVE-2019-8322
Affected packages
Ubuntu:14.04:LTS / ruby1.9.1
Package
- Name
- ruby1.9.1
- Purl
- pkg:deb/ubuntu/ruby1.9.1@1.9.3.484-2ubuntu1.14?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.9.3.484-2ubuntu1.14
Affected versions
1.*
1.9.3.194-8.1ubuntu2
1.9.3.448-1ubuntu1
1.9.3.448-1ubuntu2
1.9.3.484-1ubuntu1
1.9.3.484-1ubuntu2
1.9.3.484-2ubuntu1
1.9.3.484-2ubuntu1.1
1.9.3.484-2ubuntu1.2
1.9.3.484-2ubuntu1.3
1.9.3.484-2ubuntu1.5
1.9.3.484-2ubuntu1.6
1.9.3.484-2ubuntu1.7
1.9.3.484-2ubuntu1.8
1.9.3.484-2ubuntu1.10
1.9.3.484-2ubuntu1.11
1.9.3.484-2ubuntu1.12
1.9.3.484-2ubuntu1.13
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ri1.9.1": "1.9.3.484-2ubuntu1.14",
"ruby1.9.1-dbgsym": "1.9.3.484-2ubuntu1.14",
"libruby1.9.1-dbg": "1.9.3.484-2ubuntu1.14",
"libtcltk-ruby1.9.1-dbgsym": "1.9.3.484-2ubuntu1.14",
"libtcltk-ruby1.9.1": "1.9.3.484-2ubuntu1.14",
"libruby1.9.1": "1.9.3.484-2ubuntu1.14",
"ruby1.9.1-dev-dbgsym": "1.9.3.484-2ubuntu1.14",
"libruby1.9.1-dbgsym": "1.9.3.484-2ubuntu1.14",
"ruby1.9.1-dev": "1.9.3.484-2ubuntu1.14",
"ruby1.9.3": "1.9.3.484-2ubuntu1.14",
"ruby1.9.1-full": "1.9.3.484-2ubuntu1.14",
"ruby1.9.1-examples": "1.9.3.484-2ubuntu1.14",
"ruby1.9.1": "1.9.3.484-2ubuntu1.14"
}
]
}
Ubuntu:14.04:LTS / ruby2.0
Package
- Name
- ruby2.0
- Purl
- pkg:deb/ubuntu/ruby2.0@2.0.0.484-1ubuntu2.13?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.0.484-1ubuntu2.13
Affected versions
2.*
2.0.0.299-2
2.0.0.343-1
2.0.0.343-1ubuntu1
2.0.0.353-1
2.0.0.353-1ubuntu1
2.0.0.484-1ubuntu1
2.0.0.484-1ubuntu2
2.0.0.484-1ubuntu2.1
2.0.0.484-1ubuntu2.2
2.0.0.484-1ubuntu2.4
2.0.0.484-1ubuntu2.5
2.0.0.484-1ubuntu2.6
2.0.0.484-1ubuntu2.8
2.0.0.484-1ubuntu2.9
2.0.0.484-1ubuntu2.10
2.0.0.484-1ubuntu2.11
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libruby2.0-dbgsym": "2.0.0.484-1ubuntu2.13",
"libruby2.0": "2.0.0.484-1ubuntu2.13",
"ruby2.0-tcltk-dbgsym": "2.0.0.484-1ubuntu2.13",
"ruby2.0-doc": "2.0.0.484-1ubuntu2.13",
"ruby2.0-dev": "2.0.0.484-1ubuntu2.13",
"ruby2.0-dbgsym": "2.0.0.484-1ubuntu2.13",
"ruby2.0-tcltk": "2.0.0.484-1ubuntu2.13",
"ruby2.0": "2.0.0.484-1ubuntu2.13"
}
]
}
Ubuntu:Pro:14.04:LTS / jruby
Package
- Name
- jruby
- Purl
- pkg:deb/ubuntu/jruby@1.5.6-9+deb8u2build0.14.04.1~esm2?arch=src?distro=trusty/esm
Ubuntu:16.04:LTS / ruby2.3
Package
- Name
- ruby2.3
- Purl
- pkg:deb/ubuntu/ruby2.3@2.3.1-2~16.04.12?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.1-2~16.04.12
Affected versions
2.*
2.3.0-1
2.3.0-2
2.3.0-4ubuntu2
2.3.0-4ubuntu3
2.3.0-5ubuntu1
2.3.1-2~16.04
2.3.1-2~16.04.2
2.3.1-2~16.04.4
2.3.1-2~16.04.5
2.3.1-2~16.04.6
2.3.1-2~16.04.7
2.3.1-2~16.04.9
2.3.1-2~16.04.10
2.3.1-2~16.04.11
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"libruby2.3-dbgsym": "2.3.1-2~16.04.12",
"ruby2.3-tcltk": "2.3.1-2~16.04.12",
"ruby2.3-dev-dbgsym": "2.3.1-2~16.04.12",
"libruby2.3-dbg": "2.3.1-2~16.04.12",
"ruby2.3-dev": "2.3.1-2~16.04.12",
"ruby2.3-dbgsym": "2.3.1-2~16.04.12",
"libruby2.3": "2.3.1-2~16.04.12",
"ruby2.3-tcltk-dbgsym": "2.3.1-2~16.04.12",
"ruby2.3": "2.3.1-2~16.04.12",
"ruby2.3-doc": "2.3.1-2~16.04.12"
}
]
}
Ubuntu:18.04:LTS / ruby2.5
Package
- Name
- ruby2.5
- Purl
- pkg:deb/ubuntu/ruby2.5@2.5.1-1ubuntu1.2?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.1-1ubuntu1.2
Affected versions
2.*
2.5.0~preview1-1ubuntu2
2.5.0-4ubuntu1
2.5.0-4ubuntu4
2.5.0-5ubuntu1
2.5.0-6ubuntu1
2.5.1-1ubuntu1
2.5.1-1ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby2.5": "2.5.1-1ubuntu1.2",
"ruby2.5-dbgsym": "2.5.1-1ubuntu1.2",
"libruby2.5": "2.5.1-1ubuntu1.2",
"libruby2.5-dbgsym": "2.5.1-1ubuntu1.2",
"ruby2.5-dev": "2.5.1-1ubuntu1.2",
"ruby2.5-doc": "2.5.1-1ubuntu1.2"
}
]
}
Ubuntu:Pro:18.04:LTS / jruby
Package
- Name
- jruby