Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
RubyGems in the Ruby 2.2 series (2.2.9 and earlier), Ruby 2.3 series (2.3.6 and earlier), Ruby 2.4 series (2.4.3 and earlier) and Ruby 2.5 series (2.5.0 and earlier), prior to trunk revision 62422, contains a Deserialization of Untrusted Data vulnerability in the owner command that can result in code execution. The attack appears to be exploitable when a victim runs the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RubyGems Security Vulnerability
Vulnerability Description
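RubyGems is a Ruby package manager from the RubyGems organization, used mainly to publish and manage Ruby packages. The owner command in RubyGems has a security vulnerability. A remote attacker can exploit this vulnerability via the `gem owner` command to execute arbitrary code on the system. The following versions are affected: RubyGems 2.2.9, 2.3.6, 2.4.3 and 2.5.0.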
CVSS Information
N/A
Vulnerability Type
N/A