bundler bundler vulnerabilities and exploits
CVE-2020-36327 | CVSSv3 8.8
Bundler 1.16.0 up to and including 2.2.9 and 2.2.11 up to and including 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is...
Affected products: Bundler Bundler; Fedoraproject Fedora 34; Microsoft Package Manager Configurations
Related: 3 GitHub repositories
CVE-2019-3881 | CVSSv3 7.8
Bundler before 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, a...
Affected products: Bundler Bundler
Related: 1 GitHub repository
CVE-2020-13177 | CVSSv3 7.8
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions before 20.04.1 and 20.07.0 does not use hard-coded paths for certain Windows binaries, which allows a malicious user to gain elevated privileges via execution of a malicious ...
Affected products: Teradici Graphics Agent; Teradici PCoIP Standard Agent
CVE-2023-40165 | CVSSv3 7.5
rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate uplo...
Affected products: Rubygems Rubygems.org
CVE-2022-29176 | CVSSv3 7.5
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one...
Affected products: Rubygems Rubygems.org
Related: 1 GitHub repository
CVE-2018-14731 | CVSSv3 7.5
An issue exists in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developers' code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSoc...
Affected products: Parceljs Parcel
CVE-2021-43809 | CVSSv3 7.3
`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions prior to 2.2.33, when working with untrusted and apparently harmless `Gemfile`s, it is not expected that they lead to execution of external code, unless that's explicit in the r...
Affected products: Bundler Bundler
CVE-2013-0334 | CVSSv3 NA
Bundler prior to 1.7, when multiple top-level source lines are used, allows remote malicious users to install arbitrary gems by creating a gem with the same name as another gem in a different source.
Affected products: Bundler Bundler; Opensuse Opensuse 13.1; Opensuse Opensuse 13.2; Fedoraproject Fedora 20; Fedoraproject Fedora 21; Fedoraproject Fedora 19