Vulnerability details: VCID-f7x5-hz5f-hyd3
Vulnerability ID VCID-f7x5-hz5f-hyd3
Aliases CVE-2019-8325
GHSA-4wm8-fjv7-j774
Summary Improper Restriction of Operations within the Bounds of a Memory Buffer: An issue was discovered in RubyGems. Since `Gem::CommandManager#run` calls `alert_error` without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8325.json
epss 0.00326 https://api.first.org/data/v1/epss?cve=CVE-2019-8325
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2019-8325
cvssv3 7.5 https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
cvssv3.1 7.5 https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
generic_textual HIGH https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4wm8-fjv7-j774
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-8325
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-8325
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8325.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2019-8325.yml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-8325
Exploit Prediction Scoring System (EPSS)
Percentile 0.55568
EPSS Score 0.00326
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:48:32.090080+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8325.yml 38.0.0