Description

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Remediation

References

CVE-2017-0899

Related Vulnerabilities

WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)

WordPress Plugin WP-PostRatings '[ratings]' Shortcode SQL Injection (1.61)

WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.24)

WordPress Plugin GeoDirectory Location Manager Multiple SQL Injection Vulnerabilities (2.1.0.9)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913)

Severity

Critical

Classification

CVE-2017-0899 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities