Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
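A defensive sketch of the escaping this description says is missing, as an added example in Ruby; it is not RubyGems code, and the TerminalSafe module, its method names and the sample string are hypothetical and constructed for illustration. It shows untrusted text reaching a terminal stream raw and the same text with control characters made visible first.

```ruby
require "stringio"

# Added example, not RubyGems code: every name here is hypothetical.
module TerminalSafe
  # C0 controls except TAB and LF, plus DEL and the C1 range
  # (which includes the single-character CSI, U+009B).
  CONTROL = /[\u0000-\u0008\u000B-\u001F\u007F\u0080-\u009F]/

  # Return text with each control character replaced by a visible \xNN form.
  def self.clean(text)
    # Treat the input as UTF-8 and replace invalid bytes so the regex
    # cannot raise on binary input.
    s = text.to_s.dup.force_encoding(Encoding::UTF_8).scrub("?")
    s.gsub(CONTROL) { |c| format('\\x%02X', c.ord) }
  end

  # Unescaped output: whatever is in text is interpreted by the terminal.
  def self.say_raw(io, text)
    io.puts(text)
  end

  # Escaped output: control characters are shown, not interpreted.
  def self.say_clean(io, text)
    io.puts(clean(text))
  end
end

# Constructed sample standing in for attacker-influenced text that a
# verbose message might echo (erase-line, carriage return, bell).
SAMPLE = "Installing demo-1.0\e[2K\rall checks passed\a"

if __FILE__ == $PROGRAM_NAME
  raw = StringIO.new
  safe = StringIO.new
  TerminalSafe.say_raw(raw, SAMPLE)
  TerminalSafe.say_clean(safe, SAMPLE)
  puts "raw bytes : #{raw.string.inspect}"
  puts "cleaned   : #{safe.string}"
end
```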
Remediation
References