Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2017-0899

Published: August 31, 2023Last modified: August 31, 2023

Description

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Severity score breakdown

ParameterValue
Base score9.8
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSrubyNot affected (3.1.4-r0)
StreamrubyNot affected (3.2.2-r0)

References

ON THIS PAGE