Bug ID: 1381951 (CVE-2016-7954)
Title: rubygem-bundler: Code execution via gem name collision in bundler
Status: CLOSED WONTFIX
Keywords: Security
Product: Security Response
Component: vulnerability
Priority: Medium
Severity: Medium
Reported: 2016-10-05 12:19 UTC by Andrej Nemec
Modified: 2021-02-17 03:13 UTC
Last Closed: 2017-08-25 14:29:58 UTC

CVE References:
- CVE request: http://seclists.org/oss-sec/2016/q4/18
- CVE assignment: http://seclists.org/oss-sec/2016/q4/20
- References: http://seclists.org/oss-sec/2016/q4/25

External References:
- https://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability
- https://github.com/bundler/bundler/issues/5051
- https://github.com/bundler/bundler/issues/5274

Statement:
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.