CVE-2017-1000037

Name of the Vulnerable Software and Affected Versions RVM (affected versions not specified)

Description The issue concerns command and code execution due to RVM's automatic loading of environment variables and execution of hooks from files in the current working directory ($PWD). This allows for command injection when RVM loads environment variables from files in $PWD. Additionally, RVM automatically installs gems and performs "bundle install" on a Gemfile as specified by .versions.conf in $PWD, resulting in code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.