An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubygems rubygems |
||
debian debian linux 9.0 |
||
opensuse leap 15.0 |
||
opensuse leap 15.1 |