CVE-2017-0899

Summary

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Affected Software

VendorProductVersion RangeStatus
HackerOneRubyGemsVersions before 2.6.13affected

Weaknesses

  • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)

ADP Enrichment

CVE Program Container

Additional References

References