Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bundler 安全漏洞
Vulnerability Description
Bundler是一个应用软件。通过跟踪和安装所需的确切gem和版本,为Ruby项目提供了一致的环境。 Bundler 1.16.0版本至2.2.9版本和2.2.11版本至2.2.16版本存在安全漏洞,该漏洞源于有时选择依赖来源基于最高的版本号。
CVSS Information
N/A
Vulnerability Type
N/A