CVE-2013-0334

Published: 31/10/2014 Updated: 16/07/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Bundler prior to 1.7, when multiple top-level source lines are used, allows remote malicious users to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Vulnerable Product

bundler bundler

opensuse opensuse 13.1

opensuse opensuse 13.2

fedoraproject fedora 21

fedoraproject fedora 19

fedoraproject fedora 20

Vendor Advisories

Synopsis: Moderate: rubygem-bundler and rubygem-thor security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated rubygem-bundler and rubygem-thor packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux ...
Debian Bug report logs - #762739 [CVE-2013-0334] Ruby dependency manager Bundler may install gems from a different source than expected. Package: bundler; Maintainer for bundler is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for bundler is src:bundler (PTS, buildd, popcon) Repo ...