CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8320 – rubygems: Delete directory using symlink when decompressing tar
https://notcve.org/view.php?id=CVE-2019-8320
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. Fue encontrado un problema de salto de directorio (Directory Traversal) en RubyGems versión 2.7.6 y posterior hasta la versión 3.0.2. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2019:1429 https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html https://hackerone.com/reports/317321 https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://access.redhat.com/security/cve/CVE-2019-8320 https://bugzilla.redhat.com/show_bug.cgi?id=1692512 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8324 – rubygems: Installing a malicious gem may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8324
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. Se descubrió un error en RubyGems 2.6 y posteriormente hasta 3.0.2 Una gema hecha a mano con un nombre de varias líneas no se maneja correctamente. Por lo tanto, un atacante podría inyectar un código arbitrario a la línea de código auxiliar de gemspec, que se evalúa mediante un código en asegurar_loadable_spec durante la verificación de preinstalación. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2019:1972 https://hackerone.com/reports/328571 https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://access.redhat.com/security/cve/CVE-2019-8324 https://bugzilla.redhat.com/show_bug.cgi?id=1692520 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 13%CPEs: 87EXPL: 0CVE-2017-0903 – rubygems: Unsafe object deserialization through YAML formatted gem specifications
https://notcve.org/view.php?id=CVE-2017-0903
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. Las versiones de RubyGems entre la 2.0.0 y la 2.6.13 son vulnerables a una posible vulnerabilidad de ejecución remota de código. La deserialización YAML de especificaciones de gemas puede omitir listas blancas de clases. • http://blog.rubygems.org/2017/10/09/2.6.14-released.html http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html http://www.securityfocus.com/bid/101275 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49 https://hackerone.com/reports/27499 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 2CVE-2017-0901 – RubyGems < 2.6.13 - Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. RubyGems 2.6.12 y anteriores no valida con éxito los nombres de las especificaciones, permitiendo que una gema manipulada maliciosamente sobrescriba cualquier archivo en el sistema de archivos. It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. RubyGems versions prior to 2.6.13 suffer from an arbitrary file overwrite vulnerability. • https://www.exploit-db.com/exploits/42611 http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100580 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2 https://hackerone.com/repor • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-138: Improper Neutralization of Special Elements •
CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 1CVE-2017-0900 – rubygems: No size limit in summary length of gem spec
https://notcve.org/view.php?id=CVE-2017-0900
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. RubyGems 2.6.12 y anteriores es vulnerable a especificaciones de gemas manipuladas maliciosamente para provocar ataques de denegación de servicio contra clientes RubyGems que hayan enviado un comando query. It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100579 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 https://hackerone.com/reports/243003 https://lists.debian.org/debian- • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •