
CVSS: 9.3 • EPSS: 2% • CPEs: 1 • EXPL: 2

08 Dec 2021 — `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`s, it is not expected that they lead to execution of external code, unless that is explicit in the Ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this assumption can be false. To handle dependencies that come from a Git re... • https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.3 • EPSS: 12% • CPEs: 4 • EXPL: 2

29 Apr 2021 — Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. • https://bundler.io/blog/2021/02/15/a-more-secure-bundler-we-fixed-our-source-priorities.html • CWE-494: Download of Code Without Integrity Check •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Sep 2020 — Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions, as a storage location for gems if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would later be loaded and executed. • https://bugzilla.redhat.com/show_bug.cgi?id=1651826 • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.8 • EPSS: 2% • CPEs: 183 • EXPL: 1

22 Dec 2016 — Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. • http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

31 Oct 2014 — Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access to on... • http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html • CWE-20: Improper Input Validation • CWE-345: Insufficient Verification of Data Authenticity •