pkg:RubyGems/bundler

5 CVEs in total: CRITICAL 1, HIGH 2, MEDIUM 1


All known vulnerabilities

  • CRITICAL 9.8 CVE-2016-7954: Bundler allows attacker to inject arbitrary code via secondary Gem source
    >= 1.0.0, < 2.0.0
  • HIGH 8.8 CVE-2020-36327: Dependency Confusion in Bundler
    >= 1.16.0, < 2.2.10
  • HIGH 7.0 CVE-2019-3881: Insecure path handling in Bundler
    >= 1.14.0, < 2.1.0
  • MEDIUM 6.7 CVE-2021-43809: Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
    from 0, < 2.2.33
  • CVE-2013-0334: Bundler may install gems from a different source than expected
    from 0, < 1.7.0