3 results

CVSS: 9.3 | EPSS: 1% | CPEs: 1 | EXPL: 2

08 Dec 2021 — `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, untrusted but apparently harmless `Gemfile`s are not expected to lead to execution of external code unless that is explicit in the Ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values that start with a dash, this expectation does not hold. To handle dependencies that come from a Git re... • https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
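The point of CWE-88 here is that passing an argv array (rather than a shell string) stops shell injection but not argument injection: a positional value that begins with `-` is still parsed by the called program as an option. The following is an added example, not Bundler's code or the code from the linked commit; it models the shape of a `git clone` argv built from a Gemfile `git:` value, shows where a leading-dash value lands, and applies the two standard mitigations (reject leading-dash values, and terminate option parsing with `--`). The value `-x` and the paths are constructed for illustration.

```ruby
# Added example, not Bundler's code. Models how a Gemfile `git:` value reaches
# a git argv and why a leading dash changes its meaning (CWE-88).

# Argv built without a terminator: safe against shell injection, but git will
# treat a `uri` such as "-x" (constructed) as an option, not a repository.
def clone_argv_unsafe(uri, dest)
  ["git", "clone", "--bare", "--no-hardlinks", "--quiet", uri, dest]
end

class UnsafeGitUri < ArgumentError; end

# Hardened: refuse values that would parse as options, and add "--" so that
# everything after it is positional regardless of content.
def clone_argv_safe(uri, dest)
  if uri.start_with?("-")
    raise UnsafeGitUri, "git URI must not start with '-': #{uri.inspect}"
  end
  ["git", "clone", "--bare", "--no-hardlinks", "--quiet", "--", uri, dest]
end

# Toy model of option parsing, enough to show where each token lands:
# before "--", tokens starting with "-" are options; after "--", everything
# is positional. (git's real parser also permutes options, which only makes
# the unsafe case worse, never better.)
def classify_argv(argv)
  options = []
  positionals = []
  seen_terminator = false
  argv.drop(2).each do |tok| # skip "git" and "clone"
    if !seen_terminator && tok == "--"
      seen_terminator = true
    elsif !seen_terminator && tok.start_with?("-")
      options << tok
    else
      positionals << tok
    end
  end
  { options: options, positionals: positionals }
end

if $PROGRAM_NAME == __FILE__
  uri = "-x" # constructed: looks harmless in a Gemfile, parses as an option
  p classify_argv(clone_argv_unsafe(uri, "/tmp/dest"))
  begin
    clone_argv_safe(uri, "/tmp/dest")
  rescue UnsafeGitUri => e
    puts "rejected: #{e.message}"
  end
  p classify_argv(clone_argv_safe("https://github.com/rubygems/rubygems.git", "/tmp/dest"))
end
```

Both mitigations matter: `--` protects the tokens that follow it, while the leading-dash check catches values that reach other commands or code paths where no terminator is inserted.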

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

04 Sep 2020 — Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions, as a storage location for gems if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would later be loaded and executed. • https://bugzilla.redhat.com/show_bug.cgi?id=1651826 • CWE-427: Uncontrolled Search Path Element •
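Two properties make a fallback directory like this exploitable: its name is predictable, so another local user can create it first, and its permissions let others write into it. The following is an added example, not Bundler's code: a trust check for a directory that code will be loaded from (ownership, writability, symlink), and a fallback that creates a fresh private directory instead of a fixed path. Paths and prefixes are constructed.

```ruby
# Added example, not Bundler's code. Checks whether a directory is safe to load
# code from, and shows a fallback that avoids a fixed, predictable /tmp path.
require "tmpdir"
require "fileutils"

# Returns the reasons `path` is unsafe to trust as a code location; empty means ok.
def dir_trust_problems(path)
  return ["does not exist"] unless File.exist?(path) || File.symlink?(path)
  st = File.lstat(path) # lstat: do not follow a symlink someone else planted
  problems = []
  problems << "is a symlink" if st.symlink?
  problems << "is not a directory" unless st.directory?
  problems << "owned by uid #{st.uid}, not #{Process.euid}" unless st.uid == Process.euid
  problems << "group-writable" if (st.mode & 0o020) != 0
  problems << "world-writable" if (st.mode & 0o002) != 0
  problems
end

# Safe fallback: a 0700 directory with a random name component, created by us,
# rather than a fixed name under /tmp that could already exist with another owner.
def make_private_dir(prefix = "gems-") # prefix is a constructed example value
  dir = Dir.mktmpdir(prefix)
  problems = dir_trust_problems(dir)
  raise "refusing to use #{dir}: #{problems.join(', ')}" unless problems.empty?
  dir
end

if $PROGRAM_NAME == __FILE__
  dir = make_private_dir
  puts "private dir ok: #{dir}"
  File.chmod(0o777, dir) # simulate the insecure permissions from the advisory
  puts "after chmod 0777: #{dir_trust_problems(dir).inspect}"
  FileUtils.rm_rf(dir)
end
```

The check is what a loader should run before adding any directory to its search path; `Dir.mktmpdir` (mode 0700, randomized name) is the fallback that removes both the predictability and the permission problem at once.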

CVSS: 9.8 | EPSS: 2% | CPEs: 183 | EXPL: 1

22 Dec 2016 — Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. • http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability • CWE-94: Improper Control of Generation of Code ('Code Injection') •
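The collision arises when a Gemfile declares more than one top-level `source` and a gem is not pinned to either: a same-named gem published on the other source can be the one that resolves. The following is an added example, not Bundler's code: a minimal evaluator for the Gemfile DSL that flags gems resolvable from more than one global source and accepts the scoped `source "..." do ... end` form, which pins each gem to one source. The source URLs and gem names in the sample Gemfiles are constructed.

```ruby
# Added example, not Bundler's code. Evaluates a Gemfile's `source`/`gem`
# declarations and reports gems that could resolve from more than one
# top-level source (the precondition for a name-collision code injection).
class GemfileSourceLint
  attr_reader :global_sources, :gems

  def initialize
    @global_sources = []
    @gems = []        # [name, pinned_source_or_nil]
    @scoped = nil
  end

  # `source "url"` at top level adds a global source;
  # `source "url" do ... end` scopes the gems inside it to that source.
  def source(url, &block)
    if block
      prev, @scoped = @scoped, url
      instance_eval(&block)
      @scoped = prev
    else
      @global_sources << url
    end
  end

  def gem(name, *_version_args, **opts)
    @gems << [name, @scoped || opts[:source]]
  end

  # Gems inside `group :test do ... end` still count.
  def group(*_names, &block)
    instance_eval(&block) if block
  end

  # Other DSL calls (ruby, gemspec, platforms, ...) are irrelevant to this check.
  def method_missing(*_args, &_block); end

  def respond_to_missing?(*_args)
    true
  end

  # One global source (or none) means every unpinned gem has one origin.
  def findings
    return [] if @global_sources.size <= 1
    @gems.select { |_, src| src.nil? }.map do |name, _|
      "#{name}: unpinned and resolvable from #{@global_sources.size} sources #{@global_sources.inspect}"
    end
  end

  def self.lint(gemfile_text)
    l = new
    l.instance_eval(gemfile_text, "Gemfile", 1)
    l.findings
  end
end

# Constructed sample Gemfiles: the ambiguous form and the scoped form.
AMBIGUOUS_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.com"
  gem "rails"
  gem "internal-tool"
GEMFILE

SCOPED_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.com" do
    gem "internal-tool"
  end
  group :test do
    gem "rspec"
  end
  gem "rails"
GEMFILE

if $PROGRAM_NAME == __FILE__
  puts GemfileSourceLint.lint(AMBIGUOUS_GEMFILE)
  puts GemfileSourceLint.lint(SCOPED_GEMFILE).empty? ? "scoped Gemfile: ok" : "unexpected findings"
end
```

The remediation the check points at is structural: keep one global source and put every gem from a private index inside a `source` block (or give it an explicit `source:` option), so a name registered on the public index can never satisfy it.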