Home > Vulnerability Database > CVE-2018-1000079

Mend.io Vulnerability Database

CVE-2018-1000079

Good to know:

Date: March 13, 2018

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

Language: Ruby

Severity Score

5.5

Related Resources (23)

Url: https://access.redhat.com/errata/RHSA-2018:3729

Url: https://access.redhat.com/errata/RHSA-2020:0542

Url: https://access.redhat.com/errata/RHSA-2020:0663

Url: https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759

Url: https://access.redhat.com/errata/RHSA-2020:0591

Url: https://access.redhat.com/errata/RHSA-2019:2028

Url: https://www.debian.org/security/2018/dsa-4219

Url: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

Url: http://blog.rubygems.org/2018/02/15/2.7.6-released.html

Url: https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

Url: https://www.debian.org/security/2018/dsa-4259

Url: https://usn.ubuntu.com/3621-1/

Url: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099

Url: https://usn.ubuntu.com/3621-1

Url: https://access.redhat.com/security/cve/CVE-2018-1000079

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1000079

Url: https://github.com/rubygems/rubygems/commit/5971b486d4dbb2bad5d3445b3801c456eb0ce183

Url: https://security-tracker.debian.org/tracker/CVE-2018-1000079

Url: https://access.redhat.com/errata/RHSA-2018:3731

Url: https://access.redhat.com/errata/RHSA-2018:3730

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895778

Url: https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7

Url: https://www.mend.io/vulnerability-database/CVE-2018-1000079

Severity Score

5.5

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v2.7.6

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1000079

Good to know:

Date: March 13, 2018

Language: Ruby

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?