CVE-2019-8324 – rubygems: Installing a malicious gem may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8324
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. Se descubrió un error en RubyGems 2.6 y posteriormente hasta 3.0.2 Una gema hecha a mano con un nombre de varias líneas no se maneja correctamente. Por lo tanto, un atacante podría inyectar un código arbitrario a la línea de código auxiliar de gemspec, que se evalúa mediante un código en asegurar_loadable_spec durante la verificación de preinstalación. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2019:1972 https://hackerone.com/reports/328571 https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://access.redhat.com/security/cve/CVE-2019-8324 https://bugzilla.redhat.com/show_bug.cgi?id=1692520 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-8320 – rubygems: Delete directory using symlink when decompressing tar
https://notcve.org/view.php?id=CVE-2019-8320
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. Fue encontrado un problema de salto de directorio (Directory Traversal) en RubyGems versión 2.7.6 y posterior hasta la versión 3.0.2. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2019:1429 https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html https://hackerone.com/reports/317321 https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://access.redhat.com/security/cve/CVE-2019-8320 https://bugzilla.redhat.com/show_bug.cgi?id=1692512 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •