Description
RubyGems versions 2.6.12 and earlier are vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing such a gem specification would execute the terminal escape sequences.
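A defensive check for the condition described above, as an added example (not RubyGems' own code or its fix): it flags gem specification text fields that contain terminal control characters and renders them in a visible, inert form before display. The field names and values in `SAMPLE_SPEC` are constructed for illustration, and the helper names are hypothetical.

```ruby
# Added example, not RubyGems code. Helper names are hypothetical.

# C0 controls except tab and newline, DEL, and C1 controls.
# This covers ESC (U+001B) and the 8-bit CSI (U+009B).
CONTROL_CHARS = /[\u0000-\u0008\u000b-\u001f\u007f\u0080-\u009f]/

# Replace each control character with a printable <U+XXXX> marker so the
# terminal never interprets it. Invalid byte sequences become "?".
def neutralize(text)
  text.to_s.scrub("?").gsub(CONTROL_CHARS) { |c| format("<U+%04X>", c.ord) }
end

# Given { field name => String or Array of Strings }, return only the
# fields that contained control characters, with their values neutralized.
def suspicious_fields(spec_fields)
  spec_fields.each_with_object({}) do |(name, value), found|
    values = Array(value).map { |v| v.to_s.scrub("?") }
    next unless values.any? { |v| v.match?(CONTROL_CHARS) }
    found[name] = values.map { |v| neutralize(v) }
  end
end

# Constructed sample data standing in for the text fields of a gem
# specification; it is not taken from any real gem.
SAMPLE_SPEC = {
  "name"        => "example-gem",
  "summary"     => "Handy tool \e[1;31mred text\e[0m",
  "authors"     => ["Alice", "Bob\a"],
  "description" => "Line one\nLine two\twith tab",
}.freeze

if __FILE__ == $PROGRAM_NAME
  suspicious_fields(SAMPLE_SPEC).each do |field, values|
    puts "#{field}: control characters found -> #{values.join(', ')}"
  end
end
```

Tab and newline are left alone so ordinary multi-line descriptions are not flagged.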
Remediation
References