VulnerableCode Package Details - pkg:gem/rubygems-update@3.0.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4z5m-pfsj-6qdt	An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.	CVE-2019-8321 GHSA-fr32-gr5c-xq5c
VCID-55ab-2wkt-dfcy	An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.	CVE-2019-8324 GHSA-76wm-422q-92mq
VCID-5gck-a7sm-tbe1	An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.	CVE-2019-8322 GHSA-mh37-8c3g-3fgc
VCID-6jkx-n7aj-73g3	An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)	CVE-2019-8325 GHSA-4wm8-fjv7-j774
VCID-9fjb-7wus-cfeu	An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.	CVE-2019-8323 GHSA-3h4r-pjv6-cph9
VCID-fwds-unu4-n7gn	A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.	CVE-2019-8320 GHSA-5x32-c9mf-49cc

Vulnerability

Summary

Aliases

VCID-4z5m-pfsj-6qdt

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.

CVE-2019-8321
GHSA-fr32-gr5c-xq5c

VCID-55ab-2wkt-dfcy

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

CVE-2019-8324
GHSA-76wm-422q-92mq

VCID-5gck-a7sm-tbe1

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

CVE-2019-8322
GHSA-mh37-8c3g-3fgc

VCID-6jkx-n7aj-73g3

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)

CVE-2019-8325
GHSA-4wm8-fjv7-j774

VCID-9fjb-7wus-cfeu

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

CVE-2019-8323
GHSA-3h4r-pjv6-cph9

VCID-fwds-unu4-n7gn

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.

CVE-2019-8320
GHSA-5x32-c9mf-49cc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:35:02.412943+00:00	GitLab Importer	Fixing	VCID-4z5m-pfsj-6qdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8321.yml	37.0.0
2025-07-03T17:35:02.312715+00:00	GitLab Importer	Fixing	VCID-5gck-a7sm-tbe1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8322.yml	37.0.0
2025-07-03T17:35:02.213385+00:00	GitLab Importer	Fixing	VCID-9fjb-7wus-cfeu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8323.yml	37.0.0
2025-07-03T17:35:02.116973+00:00	GitLab Importer	Fixing	VCID-55ab-2wkt-dfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8324.yml	37.0.0
2025-07-03T17:35:02.014358+00:00	GitLab Importer	Fixing	VCID-6jkx-n7aj-73g3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8325.yml	37.0.0
2025-07-03T17:34:43.576800+00:00	GitLab Importer	Fixing	VCID-fwds-unu4-n7gn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8320.yml	37.0.0
2025-07-01T18:11:41.826232+00:00	GitLab Importer	Fixing	VCID-4z5m-pfsj-6qdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8321.yml	36.1.3
2025-07-01T18:11:41.809457+00:00	GitLab Importer	Fixing	VCID-5gck-a7sm-tbe1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8322.yml	36.1.3
2025-07-01T18:11:41.793198+00:00	GitLab Importer	Fixing	VCID-9fjb-7wus-cfeu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8323.yml	36.1.3
2025-07-01T18:11:41.777062+00:00	GitLab Importer	Fixing	VCID-55ab-2wkt-dfcy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8324.yml	36.1.3
2025-07-01T18:11:41.760106+00:00	GitLab Importer	Fixing	VCID-6jkx-n7aj-73g3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8325.yml	36.1.3
2025-07-01T18:11:40.588129+00:00	GitLab Importer	Fixing	VCID-fwds-unu4-n7gn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2019-8320.yml	36.1.3
2025-07-01T14:29:49.293656+00:00	GHSA Importer	Fixing	VCID-fwds-unu4-n7gn	https://github.com/advisories/GHSA-5x32-c9mf-49cc	36.1.3
2025-07-01T12:22:19.946239+00:00	GithubOSV Importer	Fixing	VCID-fwds-unu4-n7gn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-5x32-c9mf-49cc/GHSA-5x32-c9mf-49cc.json	36.1.3