Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21638 Vulnerability (CVE-2022-21638)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3348)
Oracle JRE CVE-2023-21835 Vulnerability (CVE-2023-21835)
WordPress Plugin Social Media Widget by Acurax Multiple Unspecified Vulnerabilities (3.2.3)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.5)