Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.

Remediation

References

CVE-2019-8321

Related Vulnerabilities

WordPress Plugin Coming Soon & Maintenance Mode Page Unspecified Vulnerability (1.40)

WordPress Plugin Advanced Custom Fields PRO PHP Object Injection (6.0.7)

WordPress Plugin LazyEater Unspecified Vulnerability (1.2.1)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4480)

Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962)

Severity

High

Classification

CVE-2019-8321 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities