CVE-2016-7954

Published December 22nd, 2016

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

rubygems/bundler

Manage your Ruby application's gem dependencies

GitHub

4.88K