Vulnerability Details : CVE-2017-0899
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
Products affected by CVE-2017-0899
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0899
- 1.43%: Probability of exploitation activity in the next 30 days
- ~ 86%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-0899
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
- The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. Assigned by: support@hackerone.com (Secondary)
References for CVE-2017-0899
- https://access.redhat.com/errata/RHSA-2017:3485
  RHSA-2017:3485 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491
  Clean any text present in gems before displaying it · rubygems/rubygems@ef0aa61 · GitHub (Patch; Third Party Advisory)
- http://www.securitytracker.com/id/1039249
  Ruby Flaws in RubyGems Let Remote Users Hijack the DNS and Overwrite Files and Let Local Users Deny Service - SecurityTracker (Third Party Advisory; VDB Entry)
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
  [SECURITY] [DLA 1421-1] ruby2.1 security update (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2017/dsa-3966
  Debian -- Security Information -- DSA-3966-1 ruby2.3 (Third Party Advisory)
- http://www.securityfocus.com/bid/100576
  RubyGems CVE-2017-0899 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:0585
  RHSA-2018:0585 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://hackerone.com/reports/226335
  #226335 Escape sequence injection in "summary" field (Exploit; Patch; Third Party Advisory)
- http://blog.rubygems.org/2017/08/27/2.6.13-released.html
  2.6.13 Released - RubyGems Blog (Patch; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2018:0378
  RHSA-2018:0378 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1
  Use a pattern that works on 1.8.7 · rubygems/rubygems@1bcbc7f · GitHub (Patch; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:0583
  RHSA-2018:0583 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.gentoo.org/glsa/201710-01
  RubyGems: Multiple vulnerabilities (GLSA 201710-01) — Gentoo security (Third Party Advisory)