Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Remediation
References
Related Vulnerabilities
ownCloud Other Vulnerability (CVE-2013-1851)
WordPress Plugin Premmerce Wishlist for WooCommerce Security Bypass (1.1.2)
WordPress Missing Authentication for Critical Function Vulnerability (CVE-2020-11028)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)