Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
Remediation
References
Related Vulnerabilities
GlassFish Use of Hard-coded Credentials Vulnerability (CVE-2018-14324)
WordPress Plugin Virtual Robots.txt Cross-Site Scripting (1.9)
WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4)
Oracle Application Server Other Vulnerability (CVE-2002-0560)
WordPress Plugin 3D Product configurator for WooCommerce Arbitrary File Upload (1.5.531)