Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/bundler@1.6.9

Type gem

Namespace

Name bundler

Version 1.6.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.2.33

Latest_non_vulnerable_version 2.2.33

Affected_by_vulnerabilities

url VCID-3vzg-f63c-yfe8

vulnerability_id VCID-3vzg-f63c-yfe8

summary

Bundler allows attacker to inject arbitrary code via secondary Gem source
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334.

references

reference_url

http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7954.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7954.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7954

reference_id

reference_type

scores

value	0.02779
scoring_system	epss
scoring_elements	0.86006
published_at	2026-04-02T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86081
published_at	2026-04-18T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86076
published_at	2026-04-16T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86059
published_at	2026-04-13T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86063
published_at	2026-04-12T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86065
published_at	2026-04-11T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86051
published_at	2026-04-09T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86042
published_at	2026-04-08T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.86023
published_at	2026-04-07T12:55:00Z

value	0.02779
scoring_system	epss
scoring_elements	0.85995
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7954

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1381951

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1381951

reference_url

https://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:C/I:C/A:C

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/bundler/bundler/issues/5051

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/bundler/bundler/issues/5051

reference_url

https://github.com/bundler/bundler/issues/5062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/bundler/bundler/issues/5062

reference_url

https://github.com/rubygems/bundler

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/bundler

reference_url

https://web.archive.org/web/20170214030311/http://www.securityfocus.com/bid/93423

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170214030311/http://www.securityfocus.com/bid/93423

reference_url

http://www.openwall.com/lists/oss-security/2016/10/04/5

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/10/04/5

reference_url

http://www.openwall.com/lists/oss-security/2016/10/04/7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/10/04/7

reference_url

http://www.openwall.com/lists/oss-security/2016/10/05/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/10/05/3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-7954

reference_id

CVE-2016-7954

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-7954

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2016-7954.yml

reference_id

CVE-2016-7954.YML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2016-7954.yml

reference_url

https://github.com/advisories/GHSA-jvgm-pfqv-887x

reference_id

GHSA-jvgm-pfqv-887x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jvgm-pfqv-887x

fixed_packages

url pkg:gem/bundler@2.0.0

purl pkg:gem/bundler@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dy2a-n93k-yfgd

vulnerability	VCID-vsps-vp65-p3cw

vulnerability	VCID-xbrw-47yv-wqcr

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@2.0.0

aliases CVE-2016-7954, GHSA-jvgm-pfqv-887x

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vzg-f63c-yfe8

url VCID-vsps-vp65-p3cw

vulnerability_id VCID-vsps-vp65-p3cw

summary

Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in `/tmp/`, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3881.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3881.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3881

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.3575
published_at	2026-04-18T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35655
published_at	2026-04-01T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35853
published_at	2026-04-02T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.3588
published_at	2026-04-04T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.3571
published_at	2026-04-07T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35756
published_at	2026-04-08T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35779
published_at	2026-04-09T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35788
published_at	2026-04-11T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35743
published_at	2026-04-12T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.3572
published_at	2026-04-13T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35761
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3881

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1651826

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1651826

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-g98m-96g9-wfjq

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-g98m-96g9-wfjq

reference_url

https://github.com/rubygems/bundler

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/bundler

reference_url

https://github.com/rubygems/bundler/issues/6501

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/bundler/issues/6501

reference_url

https://github.com/rubygems/bundler/pull/7416/commits/65cfebb041c454c246aaf32a177b0243915a9998

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/bundler/pull/7416/commits/65cfebb041c454c246aaf32a177b0243915a9998

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2019-3881.yml

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2019-3881.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3881

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3881

reference_url	https://security.gentoo.org/glsa/202408-22
reference_id	GLSA-202408-22
reference_type
scores
url	https://security.gentoo.org/glsa/202408-22

reference_url	https://access.redhat.com/errata/RHSA-2021:2230
reference_id	RHSA-2021:2230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2230

reference_url	https://access.redhat.com/errata/RHSA-2021:2588
reference_id	RHSA-2021:2588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2588

reference_url	https://usn.ubuntu.com/USN-4870-1/
reference_id	USN-USN-4870-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4870-1/

fixed_packages

url pkg:gem/bundler@2.1.0

purl pkg:gem/bundler@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dy2a-n93k-yfgd

vulnerability	VCID-xbrw-47yv-wqcr

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@2.1.0

aliases CVE-2019-3881, GHSA-g98m-96g9-wfjq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsps-vp65-p3cw

url VCID-xbrw-47yv-wqcr

vulnerability_id VCID-xbrw-47yv-wqcr

summary

Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false.

To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the
commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables.

Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43809

reference_id

reference_type

scores

value	0.01553
scoring_system	epss
scoring_elements	0.81467
published_at	2026-04-18T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81466
published_at	2026-04-16T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81429
published_at	2026-04-13T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81363
published_at	2026-04-01T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81372
published_at	2026-04-02T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81394
published_at	2026-04-04T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81393
published_at	2026-04-07T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81421
published_at	2026-04-08T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81427
published_at	2026-04-09T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81436
published_at	2026-04-12T12:55:00Z

value	0.01553
scoring_system	epss
scoring_elements	0.81448
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubygems/rubygems

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems

reference_url

https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3

reference_url

https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f

reference_url

https://github.com/rubygems/rubygems/pull/5142

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/pull/5142

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html

reference_url

https://www.sonarsource.com/blog/securing-developer-tools-package-managers

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.sonarsource.com/blog/securing-developer-tools-package-managers

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2035260
reference_id	2035260
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2035260

reference_url

https://security.archlinux.org/AVG-2615

reference_id

AVG-2615

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2615

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-43809

reference_id

CVE-2021-43809

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43809

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml

reference_id

CVE-2021-43809.YML

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml

reference_url

https://github.com/advisories/GHSA-fj7f-vq84-fh43

reference_id

GHSA-fj7f-vq84-fh43

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fj7f-vq84-fh43

reference_url

https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43

reference_id

GHSA-fj7f-vq84-fh43

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43

reference_url	https://security.gentoo.org/glsa/202408-22
reference_id	GLSA-202408-22
reference_type
scores
url	https://security.gentoo.org/glsa/202408-22

reference_url	https://access.redhat.com/errata/RHSA-2025:7539
reference_id	RHSA-2025:7539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7539

fixed_packages

url	pkg:gem/bundler@2.2.33
purl	pkg:gem/bundler@2.2.33
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/bundler@2.2.33

aliases CVE-2021-43809, GHSA-fj7f-vq84-fh43

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbrw-47yv-wqcr

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bundler@1.6.9

Package Instance