GHSA-mh37-8c3g-3fgc

GitHub Security Advisory

RubyGems Escape sequence injection vulnerability in gem owner

GitHub Reviewed: ✓ | Severity: HIGH | Has CVE

Advisory Details

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command writes the contents of the API response directly to stdout without filtering. A crafted response can therefore inject escape sequences into the user's terminal.
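
The output-side mitigation for the issue described above, shown as an added Ruby example (it is not RubyGems' own code or its patch): the vulnerable pattern of printing a server-supplied field as received, next to a hardened form that replaces control characters first. All function names are hypothetical and the sample records are constructed.

```ruby
# Added example: neutralise terminal control characters in untrusted API
# data before printing. All names below are hypothetical.

# Unicode category Cc = U+0000..U+001F, U+007F..U+009F. It covers ESC
# (0x1B), CR, BEL and the one-character CSI (U+009B). Owner fields are
# single-line, so tab and newline are replaced as well.
CONTROL = /\p{Cc}/

# Force UTF-8 and scrub first: a raw 0x9B byte is invalid UTF-8 and would
# otherwise make the regexp raise instead of being filtered.
def as_utf8(value)
  value.to_s.dup.force_encoding(Encoding::UTF_8).scrub(".")
end

def clean_terminal_text(value)
  as_utf8(value).gsub(CONTROL, ".")
end

# The behaviour the advisory describes: the field reaches stdout as sent.
def owner_line_unsafe(owner)
  "- #{owner['email']}"
end

# Hardened form: every server-supplied field is cleaned before output.
def owner_line_safe(owner)
  "- #{clean_terminal_text(owner['email'])}"
end

# For logging: control code points found in a field (bytes that were
# invalid UTF-8 are scrubbed by as_utf8 and are not listed).
def control_codepoints(value)
  as_utf8(value).scan(CONTROL).map { |c| format("U+%04X", c.ord) }
end

# Constructed sample records, not real API output.
SAMPLE_OWNERS = [
  { "email" => "maintainer@example.org" },
  { "email" => "x@example.org\e[2K\rowner@example.org" }, # ESC [ 2 K, CR
  { "email" => "c1@example.org\x9B31m".b },                # raw 8-bit CSI
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_OWNERS.each do |owner|
    puts owner_line_safe(owner)
    found = control_codepoints(owner["email"])
    warn "  control characters replaced: #{found.join(' ')}" unless found.empty?
  end
end
```

The same cleaning applies to any CLI that echoes remote data, including error messages returned by the server.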

Affected Packages

RubyGems rubygems-update
Affected versions: 2.6.0 (fixed in 2.7.9)
RubyGems rubygems-update
Affected versions: 3.0.0 (fixed in 3.0.2)

Related CVEs

Key Information

GHSA ID: GHSA-mh37-8c3g-3fgc
Published: June 20, 2019 4:06 PM
Last Modified: August 28, 2023 1:22 PM
CVSS Score: 7.5/10
Primary Ecosystem: RubyGems
Primary Package: rubygems-update
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.