Vulnerability details: VCID-hk69-vd9p-wfb3
Vulnerability ID VCID-hk69-vd9p-wfb3
Aliases CVE-2021-43809
GHSA-fj7f-vq84-fh43
Summary arbitrary command execution
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Weaknesses (3)
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json
epss 0.01527 https://api.first.org/data/v1/epss?cve=CVE-2021-43809
epss 0.01811 https://api.first.org/data/v1/epss?cve=CVE-2021-43809
epss 0.01825 https://api.first.org/data/v1/epss?cve=CVE-2021-43809
epss 0.02053 https://api.first.org/data/v1/epss?cve=CVE-2021-43809
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fj7f-vq84-fh43
cvssv3.1 6.7 https://github.com/rubygems/rubygems
generic_textual MODERATE https://github.com/rubygems/rubygems
cvssv3.1 6.7 https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3
generic_textual MODERATE https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3
cvssv3.1 6.7 https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f
generic_textual MODERATE https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f
cvssv3.1 6.7 https://github.com/rubygems/rubygems/pull/5142
generic_textual MODERATE https://github.com/rubygems/rubygems/pull/5142
cvssv3 6.7 https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
cvssv3.1 6.7 https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
cvssv3.1_qr MODERATE https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
generic_textual MODERATE https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
cvssv3.1 6.7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43809
cvssv3.1 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-43809
cvssv3.1 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43809
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-43809
archlinux Low https://security.archlinux.org/AVG-2615
cvssv3.1 6.7 https://www.sonarsource.com/blog/securing-developer-tools-package-managers
generic_textual MODERATE https://www.sonarsource.com/blog/securing-developer-tools-package-managers
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43809.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/rubygems/rubygems
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/rubygems/rubygems/pull/5142
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bundler/CVE-2021-43809.yml
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43809
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43809
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43809
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://www.sonarsource.com/blog/securing-developer-tools-package-managers
Exploit Prediction Scoring System (EPSS)
Percentile 0.80457
EPSS Score 0.01527
Published At July 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:52:40.842093+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2615 36.1.3