PT-2017-3268 · Ruby+5 · Rubygems+5

Mame

Publicado

2017-08-31

Atualizado

2022-05-13

CVE-2017-0901

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions RubyGems versions 2.6.12 and earlier

Description The issue exists due to insufficient input validation in the package manager. Exploitation of this issue may allow a remote attacker to overwrite any file on the filesystem. A maliciously crafted gem can potentially be used to achieve this.

Recommendations For RubyGems versions 2.6.12 and earlier, consider updating to a version that fixes the specification name validation issue to prevent potential file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-22

Identificadores relacionados

ALT-PU-2017-2195

BDU:2018-00026

CESA-2018_0378

CVE-2017-0901

DLA-1112-1

DLA-1114-1

DLA-1421-1

DSA-3966-1

GHSA-PM9X-4392-2C2P

MGASA-2017-0482

RHSA-2017:3485

RHSA-2018:0378

RHSA-2018:0583

RHSA-2018:0585

RHSA-2018_0378

SUSE-SU-2020:1570-1

SUSE-SU-2020_1570-1

USN-3439-1

USN-3553-1

USN-3685-1

Produtos afetados

Alt Linux

Centos

Red Hat

Rubygems

Suse

Ubuntu

PT-2017-3268 · Ruby+5 · Rubygems+5

CVE-2017-0901

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 139