Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coming Soon & Maintenance Mode Page Unspecified Vulnerability (1.40)
WordPress Plugin Advanced Custom Fields PRO PHP Object Injection (6.0.7)
WordPress Plugin LazyEater Unspecified Vulnerability (1.2.1)
Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962)