Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RubyGems 输入验证错误漏洞
Vulnerability Description
RubyGems是RubyGems组织的一款Ruby程序包管理器。该产品主要用于发布和管理Ruby程序包。 RubyGems 2.6版本至3.0.2版本中存在输入验证错误漏洞,该漏洞源于程序没有正确地处理名称中带有多个行的gem。攻击者可利用该漏洞注入任意的代码。
CVSS Information
N/A
Vulnerability Type
N/A