Description
RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Remediation
References