Package details: pkg:ebuild/dev-ruby/bundler@1.7.3
purl pkg:ebuild/dev-ruby/bundler@1.7.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-qrmf-7afx-6yd8
Summary: Remote code execution. Any Gemfile with multiple top-level `source` lines cannot reliably control the gem server that a particular gem is fetched from. As a result, Bundler might install the wrong gem if more than one source provides a gem with the same name. This is especially possible in the case of GitHub's legacy gem server, hosted at gems.github.com. An attacker might create a malicious gem on RubyGems.org with the same name as a commonly used GitHub gem. From that point forward, running `bundle install` might result in the malicious gem being used instead of the expected gem.
Aliases: CVE-2013-0334, GHSA-49jx-9cmc-xjxm, OSV-110004

Date: 2026-04-01T13:03:33.583996+00:00
Actor: Gentoo Importer
Action: Fixing
Vulnerability: VCID-qrmf-7afx-6yd8
Source: https://security.gentoo.org/glsa/201609-02
VulnerableCode Version: 38.0.0