Vulmon
bundler bundler vulnerabilities and exploits
VMScore: 828
CVE-2021-43809
`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions prior to 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the r...
Bundler Bundler
VMScore: 392
CVE-2019-3881
Bundler before 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, a...
Bundler Bundler
1 Github repository
VMScore: 829
CVE-2020-36327
Bundler 1.16.0 up to and including 2.2.9 and 2.2.11 up to and including 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is...
Bundler Bundler
Fedoraproject Fedora 34
Microsoft Package Manager Configurations
3 Github repositories
VMScore: 445
CVE-2013-0334
Bundler prior to 1.7, when multiple top-level source lines are used, allows remote malicious users to install arbitrary gems by creating a gem with the same name as another gem in a different source.
Bundler Bundler
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Fedoraproject Fedora 21
Fedoraproject Fedora 19
Fedoraproject Fedora 20
VMScore: 392
CVE-2020-13177
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions before 20.04.1 and 20.07.0 does not use hard-coded paths for certain Windows binaries, which allows a malicious user to gain elevated privileges via execution of a malicious ...
Teradici Graphics Agent
Teradici Pcoip Standard Agent
VMScore: 445
CVE-2018-14731
An issue exists in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developers' code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSoc...
Parceljs Parcel
VMScore: NA
CVE-2023-40165
rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate uplo...
Rubygems Rubygems.org
VMScore: 534
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one...
Rubygems Rubygems.org
1 Github repository