CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8320 – rubygems: Delete directory using symlink when decompressing tar
https://notcve.org/view.php?id=CVE-2019-8320
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. Fue encontrado un problema de salto de directorio (Directory Traversal) en RubyGems versión 2.7.6 y posterior hasta la versión 3.0.2. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2019:1429 https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html https://hackerone.com/reports/317321 https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://access.redhat.com/security/cve/CVE-2019-8320 https://bugzilla.redhat.com/show_bug.cgi?id=1692512 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2018-1000074 – rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML
https://notcve.org/view.php?id=CVE-2018-1000074
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: versiones 2.5.0 y anteriores, anteriores a la revisión del trunk 62422 contiene una vulnerabilidad de deserialización de datos no fiables en el comando owner que puede resultar en la ejecución de código. Este ataque parece ser explotable si la víctima ejecuta el comando "gem owner" con un archivo YAML especialmente manipulado. • http://blog.rubygems.org/2018/02/15/2.7.6-released.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2020:0542 https://access.redhat.com/errata/RHSA-2020:0591 https://access.redhat.com/errata/RHSA-2020:0663 https& • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-1000079 – rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations
https://notcve.org/view.php?id=CVE-2018-1000079
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: versiones 2.5.0 y anteriores, anteriores a la revisión del trunk 62422 contiene una vulnerabilidad de salto de directorio en la instalación de gemas que puede resultar en que la gema podría escribir en ubicaciones arbitrarias del sistema de archivos durante la instalación. El ataque parece ser explotable mediante una víctima que instale una gema maliciosa. • http://blog.rubygems.org/2018/02/15/2.7.6-released.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2020:0542 https://access.redhat.com/errata/RHSA-2020:0591 https://access.redhat.com/errata/RHSA-2020:0663 https& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-1000076 – rubygems: Improper verification of signatures in tarball allows to install mis-signed gem
https://notcve.org/view.php?id=CVE-2018-1000076
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: versiones 2.5.0 y anteriores, anteriores a la revisión del trunk 62422 contiene una vulnerabilidad de verificación incorrecta de firma criptográfica en package.rb que puede resultar en la instalación de una gema mal firmada, ya que tarball contendría múltiples firmas de gema. La vulnerabilidad parece haber sido solucionada en la versión 2.7.6. • http://blog.rubygems.org/2018/02/15/2.7.6-released.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2020:0542 https://access.redhat.com/errata/RHSA-2020:0591 https://access.redhat.com/errata/RHSA-2020:0663 https& • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1000077 – rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL
https://notcve.org/view.php?id=CVE-2018-1000077
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: versiones 2.5.0 y anteriores, anteriores a la revisión del trunk 62422 contiene una vulnerabilidad de validación de entradas incorrecta en el atributo specification homepage de ruby gems que puede resultar en que una gema maliciosa podría establecer una URL de página de inicio no válida. La vulnerabilidad parece haber sido solucionada en la versión 2.7.6. • http://blog.rubygems.org/2018/02/15/2.7.6-released.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://access.redhat.com/errata/RHSA-2020:0542 https://access.redhat.com/errata/RHSA-2020:0591 https://access.redhat.com/errata/RHSA-2020:0663 https& • CWE-20: Improper Input Validation •