Skip to content

Bundler allows attacker to inject arbitrary code via secondary Gem source #4

New issue
New issue
Open
Open
Bundler allows attacker to inject arbitrary code via secondary Gem source#4
Assignees
ls-barnaby-claydon
Labels
criticaldependabotsecurity
@sniffler-app

Description

@sniffler-app
sniffler-app
bot
opened on Jun 27, 2023

Description

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Informations

Manifest Path: giraph.gemspec

Please look at dependabot report: https://github.com/upserve/giraph/security/dependabot/4

Metadata

Metadata

Assignees

Labels

criticaldependabotsecurity

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions