FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

RubyGems -- multiple vulnerabilities

Affected packages
ruby23-gems < 3.0.2
ruby24-gems < 3.0.2
ruby25-gems < 3.0.2

Details

VuXML ID: 27b12d04-4722-11e9-8b7c-b5e01141761f
Discovery: 2019-03-05
Entry: 2019-03-15

RubyGems Security Advisories:

CVE-2019-8320: Delete directory using symlink when decompressing tar

CVE-2019-8321: Escape sequence injection vulnerability in 'verbose'

CVE-2019-8322: Escape sequence injection vulnerability in 'gem owner'

CVE-2019-8323: Escape sequence injection vulnerability in API response handling

CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution

CVE-2019-8325: Escape sequence injection vulnerability in errors

References

CVE Name: CVE-2019-8320
CVE Name: CVE-2019-8321
CVE Name: CVE-2019-8322
CVE Name: CVE-2019-8323
CVE Name: CVE-2019-8324
CVE Name: CVE-2019-8325
URL: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
URL: https://github.com/rubygems/rubygems/blob/master/History.txt