Description

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

Remediation

References

CVE-2019-8323

Related Vulnerabilities

WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce Privilege Escalation (1.6.13)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-25695)

WordPress Plugin YITH WooCommerce Cart Messages Security Bypass (1.4.3)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-1302)

WordPress Plugin WP-UserOnline Cross-Site Scripting (2.87.6)

Severity

High

Classification

CVE-2019-8323 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities