fkie_cve-2017-0903
Vulnerability from fkie_nvd
Published
2017-10-11 18:29
Modified
2024-11-21 03:03
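Severity: CRITICAL (CVSS v3.0 base score 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)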
Summary
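RubyGems versions 2.0.0 through 2.6.13 are affected by a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists, so specially crafted serialized objects can possibly be used to escalate to remote code execution. The record classifies the weakness as CWE-502 (deserialization of untrusted data); the references include the vendor's RubyGems 2.6.14 release announcement and the upstream patch commit, plus the Debian, Ubuntu and Red Hat advisories for distribution packages.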
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2D82506-3FB5-41BA-8704-CC324C0B0DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*", "matchCriteriaId": "28EF4773-AA97-4209-951F-942286A92413", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*", "matchCriteriaId": "2A3D3005-679A-4761-AC38-CAE1C1CB20AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*", "matchCriteriaId": "344FF6A4-8041-4652-A0EA-F18BB0FCFB26", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E6CC620F-8E83-4256-9872-CCCDF5A4ED35", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F22B79F6-5CA1-4E5C-9223-345A39EDD507", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "260A155C-ED09-44E7-8279-5B94A4AC8CA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4E0506F-F2E6-45A2-B637-576C341A71B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2EC4513-B653-438A-A1E4-406D055FC160", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F5FDF363-24FA-45D2-879B-B1CF9B667AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03A81F55-2B6B-467C-9281-AA11ED31220F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8143D88-890D-4C87-9120-46B33D7D63C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3E5608F5-AC8A-4368-9323-A2CC09F18AAD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0ACEEB4D-D21D-4D89-881A-9FC33121F69C", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BE3D1495-E577-492F-ADE1-B8E8FB7F241A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BCD623FF-E72B-4C63-B9E6-AFCDEFDD760A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "EAA1E4C2-29CA-48C2-AFFA-5357B36655FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EB358B7A-D258-4B86-BBD9-09388109653A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "5C608597-03F7-4F01-803F-0E2B1E9E1D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "67C95ABA-1949-4B56-B9E3-44B4AF90274D", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DD319AE0-3D8C-40DF-857D-C38EAFA88C68", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "34709EF4-D695-4184-816A-F51FD9DF8AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "5722DC3C-A813-4F02-AC78-47292BAC5A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "31B50C72-C84A-4B4B-9E62-EB78E50DD19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0.rc.1:*:*:*:*:*:*:*", "matchCriteriaId": "42A1FFCC-3966-4ADD-AF87-7128814ED326", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0.rc.2:*:*:*:*:*:*:*", "matchCriteriaId": "94BA31E0-D32D-41B4-B663-7747BABC826B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"360BB3DB-FC9E-4791-AF2F-D331267E1603", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "23FE3A27-39D4-4D73-9E04-81AB02736435", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4F3FFBBD-D379-4C00-B8B7-2B21B7E8C6C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5987FA3A-4C1B-45DC-909A-2B475917CC32", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5FA3A47-708F-4CE1-99A8-886C93A2E29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D707C58B-7AD8-4590-863D-858612AC93C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "A34F8D8D-8D29-4EB8-94F5-702017BB41E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "C5D9F639-3F53-4ED5-A0EF-19955D253D88", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5E18301D-C1A2-45CD-9136-8995E0477592", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AAFCB861-5386-48B8-B644-7029FEAD2030", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "7D70F6E5-EAF2-4C0E-9E20-5FCC30310862", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "672CC7FA-188C-4F34-B10D-7E0C4E7857F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.0.preiew.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E52DC21-4720-4271-80CD-0E5AB75E69C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.0.rc.1:*:*:*:*:*:*:*", "matchCriteriaId": "20E453C7-9EBC-4A5F-A37D-2D53F81F7095", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFCFF897-E65B-4D58-BA4D-B08FEF1201B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B6D0730-F774-4E29-9871-3FF4BA89981E", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D692C10-A24E-48EA-887C-7333C772744C", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDB36D4-FB34-4FAB-8549-AF7D5244CCD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "79EFBBB5-2A80-4BF0-BF5F-67219AB41046", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29225B01-225B-47A1-B48B-67FEACCA99CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AFD153C-B0C3-4A91-8B09-839341FA4434", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "04D0BF47-C818-4834-BFA2-23DD25386CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F54C49A-12CE-4AC5-A94A-9C5921414AC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CFF3F39-EF40-4D73-965F-98A51C39C02F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "35BCB8FC-EE9C-4AA4-A4A0-E20A3E557129", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A5B90365-2172-43E3-870B-A16F9FB45FD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "D4932202-9EEA-4B95-A24A-637678837179", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"EE86B4DE-776B-460F-B5C3-02C691243820", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C3EAA024-49AB-4EDB-8578-72F802F39409", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "21B81760-1F5F-4E0B-9B98-1C1E646F2DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9639274-4E24-47D2-B94C-EDEF5C855C0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "964790F3-B248-4F0C-85F3-1B4DC82FC41B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DEF4340-5BD1-4230-858A-3CE781DD7967", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A3C972A-88C7-46A3-81AF-6D49D3622068", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B2E59F5-D72A-4027-9F1D-D4A986C5B442", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "51870568-D16C-4367-855D-CB5C41173109", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4CCFBE7B-2445-499D-8A16-72E3DA07C7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "378AD8DD-C912-42CC-BB3B-6955A08B0893", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "0E22C451-6EEA-4104-99DB-3741F57AFE6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA0EE70C-9AFE-4DB0-8257-24D2B44C9D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "560B7561-53C5-4796-8EFF-1A666BB3155B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:rubygems:rubygems:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "975D930C-13A8-4A9D-9EA7-55A17B9A3955", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "CAE10321-B685-4688-AB4E-6D3C7DCC8C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "B2660E82-55D1-4C5D-AC9C-B914E482B718", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "0119E0AA-F472-49EE-9130-6EE83229B4CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:rubygems:rubygems:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "5AF07EBF-4FAF-4DF5-8C74-CB33CC1BDBD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, 
{ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution." }, { "lang": "es", "value": "Las versiones de RubyGems entre la 2.0.0 y la 2.6.13 son vulnerables a una posible vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. La deserializaci\u00f3n YAML de especificaciones de gemas puede omitir listas blancas de clases. 
Es posible que se utilicen objetos serializados especialmente manipulados para escalar a ejecuci\u00f3n remota de c\u00f3digo." } ], "id": "CVE-2017-0903", "lastModified": "2024-11-21T03:03:51.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-11T18:29:00.583", "references": [ { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html" }, { "source": "support@hackerone.com", "tags": [ "Vendor Advisory" ], "url": "http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101275" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3485" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2018:0378" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0583" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0585" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://hackerone.com/reports/274990" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3553-1/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3685-1/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hackerone.com/reports/274990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3553-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3685-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4031" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.