PT-2019-1024 · Ruby+2 · Rubygems+2

Ooooooo_Q

Publicado

2019-03-27

Atualizado

2020-11-27

CVE-2019-8320

CVSS v2.0

8.8

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions: RubyGems versions 2.7.6 through 3.0.2

Description: A Directory Traversal issue was discovered in RubyGems. The issue allows a malicious gem to delete arbitrary files on the user's machine if the attacker can guess the paths, potentially leading to data loss or an unusable system. This is particularly concerning given how frequently the gem is run as sudo and the predictability of paths on modern systems.

Recommendations: For versions 2.7.6 through 3.0.2, update to a version later than 3.0.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALBA-2019:3384

BDU:2019-03332

CVE-2019-8320

DLA-1735-1

DLA-2330-1

DSA-4433-1

GHSA-5X32-C9MF-49CC

MGASA-2020-0243

MGASA-2020-0440

OPENSUSE-SU-2019:1771-1

OPENSUSE-SU-2019_1771-1

RHSA-2019:1148

RHSA-2019:1150

RHSA-2019:1429

SUSE-SU-2019:1804-1

SUSE-SU-2020:1570-1

SUSE-SU-2020_1570-1

USN-3945-1

Produtos afetados

Rubygems

Suse

Ubuntu

PT-2019-1024 · Ruby+2 · Rubygems+2

CVE-2019-8320

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 142