Bundler
by Bundler
gem: bundler
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7954 | Cri | 0.64 | 9.8 | 0.08 | Dec 22, 2016 | Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. | ||
| CVE-2019-3881 | 0.00 | — | 0.01 | Sep 4, 2020 | Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an… | |||
| CVE-2013-0334 | 0.00 | — | 0.04 | Oct 31, 2014 | Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. |
- risk 0.64cvss 9.8epss 0.08
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
- CVE-2019-3881Sep 4, 2020risk 0.00cvss —epss 0.01
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an…
- CVE-2013-0334Oct 31, 2014risk 0.00cvss —epss 0.04
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.