Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code into the stub line of the gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
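The following is an added example, not RubyGems' own code: a defensive pre-install check that rejects multi-line gem names before anything derived from the name is written to a file or evaluated. The helper names, the allowlist pattern, the simplified stub-line layout and the sample names are assumptions constructed for illustration.

```ruby
# Added example (hypothetical helpers, not part of RubyGems).

# Strict allowlist (an assumption). \A and \z anchor to the whole string.
# In Ruby, ^ and $ anchor to each LINE, and \Z tolerates a trailing newline,
# so neither is safe for validating a value that must be single-line.
SAFE_GEM_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

# Loose pattern, shown only to contrast with the strict one above.
LOOSE_GEM_NAME = /^[A-Za-z0-9._-]+$/

# Returns the reasons a name must be rejected (empty array = acceptable).
def gem_name_problems(name)
  return ["name is not a String"] unless name.is_a?(String)

  problems = []
  problems << "contains a line break" if name.match?(/[\r\n\u2028\u2029]/)
  problems << "outside allowlist" unless name.match?(SAFE_GEM_NAME)
  problems
end

# True when the line-anchored pattern would accept the name.
def loose_check_passes?(name)
  name.match?(LOOSE_GEM_NAME)
end

# The stub line is a single "#" comment near the top of the gemspec.
# This checks that text built from the name is still exactly one comment
# line (layout simplified; version, platform and path are constructed).
def stub_comment_single_line?(name)
  line = "# stub: #{name} 0.0.0 ruby lib"
  line.lines.size == 1 && line.start_with?("#")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names; the second carries a benign line break.
  ["rake", "ok\nsecond-line"].each do |name|
    puts "#{name.inspect}: problems=#{gem_name_problems(name).inspect} " \
         "loose_ok=#{loose_check_passes?(name)} " \
         "single_line=#{stub_comment_single_line?(name)}"
  end
end
```

The second sample passes the line-anchored pattern but fails the strict one, which is why name validation has to use whole-string anchors and has to run before any step that evaluates generated gemspec text.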
Remediation
References