RubyGems prior to 2.6.13 is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Affected Packages

RubyGems rubygems-update

Affected versions: 0 (fixed in 2.6.13)

Related CVEs

CVE-2017-0899

Key Information

GHSA ID

GHSA-7gcp-2gmq-w3xh

Published

May 13, 2022 1:38 AM

Last Modified

March 9, 2023 12:37 AM

CVSS Score

9.0 /10

Primary Ecosystem

RubyGems

Primary Package

rubygems-update

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.