Description
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/justinsteven/advisories/blob/master/2017_rvm_cd_command_execution.md
Scores
CVSS v3
9.8
EPSS
0.2062
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
rvm_project/rvm
< 1.28.0
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026