Bundler
Sign in to watchby Bundler
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7954 | Cri | 0.64 | 9.8 | 0.03 | Dec 22, 2016 | Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. | |
| CVE-2013-0334 | 0.00 | — | 0.01 | Oct 31, 2014 | Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. |