It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "ruby-bundler": "1.16.1-1ubuntu0.1~esm1", "bundler": "1.16.1-1ubuntu0.1~esm1" } ] }