CVE-2019-8322
HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via gem owner Command
Title source: llm
Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
References (3)
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/315087
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
Scores
CVSS v3
7.5
EPSS
0.0033
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-74
Status
published
Products (5)
debian/debian_linux
9.0
opensuse/leap
15.0
opensuse/leap
15.1
rubygems/rubygems
2.6.0 - 3.0.2
rubygems/rubygems-update
2.6.0 - 2.7.9
RubyGems
Published
Jun 17, 2019
Tracked Since
Feb 18, 2026