Description

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

Remediation

References

CVE-2017-0903

Related Vulnerabilities

WordPress Plugin Yoast SEO Cross-Site Scripting (11.5)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.13)

MySQL CVE-2021-2170 Vulnerability (CVE-2021-2170)

WordPress Plugin Airtight Security & Features Formerly Redirect Editor And Security Unspecified Vulnerability (1.3)

Liferay Portal Insufficiently Protected Credentials Vulnerability (CVE-2021-29043)

Severity

Critical

Classification

CVE-2017-0903 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities