{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "93423", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93423"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bundler/bundler/issues/5062"}, {"tags": ["x_refsource_MISC"], "url": "http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951"}, {"name": "[oss-security] 20161004 Re: Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/3"}, {"name": "[oss-security] 20161004 Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/7"}, {"name": "[oss-security] 20161004 Re: Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bundler/bundler/issues/5051"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7954", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93423"}, {"name": "https://github.com/bundler/bundler/issues/5062", "refsource": "CONFIRM", "url": "https://github.com/bundler/bundler/issues/5062"}, {"name": "http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/", "refsource": "MISC", "url": "http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951"}, {"name": "[oss-security] 20161004 Re: Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/05/3"}, {"name": "[oss-security] 20161004 Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/7"}, {"name": "[oss-security] 20161004 Re: Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/5"}, {"name": "https://github.com/bundler/bundler/issues/5051", "refsource": "CONFIRM", "url": "https://github.com/bundler/bundler/issues/5051"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:13:21.223Z"}, "title": "CVE Program Container", "references": [{"name": "93423", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93423"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/bundler/bundler/issues/5062"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951"}, {"name": "[oss-security] 20161004 Re: Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/3"}, {"name": "[oss-security] 20161004 Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/7"}, {"name": "[oss-security] 20161004 Re: Re: CVE request for code execution via gem name collission in bundler (was Re: CVE Request)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/bundler/bundler/issues/5051"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7954", "datePublished": "2016-12-22T22:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.223Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "26796D07-A50A-4ED2-84D6-5249E3FE4422", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "105724AF-61F1-4224-9E4C-DE8E98B8CF1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "D516A311-58E8-4A7D-9FC8-DD40CA09BABE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "A3A6AA18-A602-4C0F-8BF9-E292AD987C03", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "2D5AD62D-4161-4152-83CF-ED2098094E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "520EE3B5-AD20-4CB8-8146-C9C7890655CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "1434ACBA-F3D7-464B-A814-1CA103A0C36A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5D77F07B-C4B3-4CF1-AF63-D13239F6EB8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D055DE8D-E780-4AE1-B14C-458A9EE8EFF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "BE44841F-A565-492B-9A21-F9BB96F770C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "95E10EB3-5A27-42FA-AB40-1B201AD6AE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A9ED91EA-54F9-45CE-96A1-A900A5E3E4D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "5DE7AD12-291D-4AB0-8454-29103B895C48", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "05D35D1B-C2EC-4928-965C-A05B5C6C37BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C51DC646-49B8-4B40-BC0C-FAA67D78F3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "20CE065A-5F05-43CD-AEFF-7EDDB50827C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EA6476D8-4EAC-42FB-8303-CC1E3190889F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E53CE1D-6883-4163-B920-8CA91E9767E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "38A4462B-79C6-4F34-8910-E2AE3713D092", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "EB095974-EAD0-4FB2-B0E7-45B277E61E7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "909713D2-85BB-4B1C-9CD5-72C3D9612979", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "46463C54-CB69-495B-BFCB-1A198B0DDC99", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09CB7-C136-4EBE-82E4-940E0010F716", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1D4530A-AFB8-4C0E-BA03-D2372E7915EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0D84F665-60F5-414A-BB1D-5C50244E463A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "205C6832-278A-4B5B-910F-68A4345B7B45", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "DBF8D4C6-6125-49B4-9007-F6EF2E9B2C2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "EACAF38A-9B4B-441C-B9B7-3DC2495F3585", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "FB2A1BC7-8AA2-4232-B931-23434CDA0831", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "AECA57D7-4D8B-4E3E-9D71-6B9EF13BD5BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "9D5EA701-0418-4993-9C1C-D367491A9FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.19:rc:*:*:*:*:*:*", "matchCriteriaId": "7B0E0BE7-DC00-467F-B823-F5A5C2AFB712", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "F48F9C6E-6C08-4DBC-AE28-C1453FD328B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.20:rc:*:*:*:*:*:*", "matchCriteriaId": "95637077-D46C-42A7-866E-05FC938BD609", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "49EC5435-6651-4173-95D9-542407641480", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.0.21:rc:*:*:*:*:*:*", "matchCriteriaId": "C73A5EB3-2342-4AEE-8C73-B92A96087809", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre:*:*:*:*:*:*", "matchCriteriaId": "DA6AF326-2F69-41A4-906E-6F6B3659EA9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre1:*:*:*:*:*:*", "matchCriteriaId": "E958B189-71A2-48AA-A8EA-DEFC47C41AC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre10:*:*:*:*:*:*", "matchCriteriaId": "5C139092-2D34-4FC4-A52C-2DEE378DB66D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "EB777E11-2342-4B43-A7B1-79450B717F05", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre3:*:*:*:*:*:*", "matchCriteriaId": "18C9C7D6-58E1-42E1-A595-937BA0750DF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre4:*:*:*:*:*:*", "matchCriteriaId": "F8E53013-24F9-42C8-B970-B934C36A3B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre5:*:*:*:*:*:*", "matchCriteriaId": "612EFB82-D790-4963-86B7-38C334DD46E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre6:*:*:*:*:*:*", "matchCriteriaId": "622F6720-0DAF-45A4-BC53-DE9E773474A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre7:*:*:*:*:*:*", "matchCriteriaId": "0707F625-AEDE-4942-8488-AFA4D82A2044", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre8:*:*:*:*:*:*", "matchCriteriaId": "206A3725-FE79-47F9-9687-E600B3C3D8FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:pre9:*:*:*:*:*:*", "matchCriteriaId": "EF7D78D7-CC5C-4373-B799-71D8A337CC12", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc:*:*:*:*:*:*", "matchCriteriaId": "ADE539BC-185C-4B22-99FB-9DF9F0E2B3D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "1B7C9861-77FA-4A32-9F5D-F4F75D4744F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "C8D96EB8-3137-43E1-A08F-0F3D509483CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "D7E73CD8-DBF7-40E8-8166-ED99457BEF38", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "BC747E23-D523-4F3F-B629-4A68A621EF6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "5A454852-07BA-47D8-B191-B46022AA6D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "EB273789-3FAD-4147-9027-071774F58E01", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "51A31094-E239-47B6-8A2D-5A2ED42E0D99", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BD23C8F-AE7A-4886-86D6-F8294101AE96", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "902E61E3-6886-4C47-8360-370C2D162231", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B24DA7DB-BB4B-428A-B4A5-4724EC42DB06", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "98FF22EE-2ECF-4CFA-B29E-0DABC2F41AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC1BFED2-B0CF-4B81-8B2D-48AABA668369", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E69CA0B-7EF3-4DC6-B806-8CF397956418", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC2BC590-4F7E-4C98-A488-D4F4B34E697A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.0:pre:*:*:*:*:*:*", "matchCriteriaId": "10279135-65DD-4F19-B6E9-DF2E3A44369B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "0BC12CE3-6BBC-4EDE-AD1F-7EDB8965C5F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.0:rc:*:*:*:*:*:*", "matchCriteriaId": "8E317F13-A8FB-40E7-A25A-678A24AF9A30", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BD98679D-E289-4B41-9AD1-16FC4ECE6285", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AFC36563-0560-4852-B01E-13A09DF5EE51", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AAB09925-5BB0-4415-A1CD-93EF4A26D41E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB1988E5-8448-443D-B92F-CE72D170FE40", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "4A8F31E8-5503-4E1E-A2B7-A0F88EB88E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3C70F44-FD6D-4907-AAAB-F793713F849B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "80AF1B2A-83BE-4B06-9BCC-7B682A4844A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre:*:*:*:*:*:*", "matchCriteriaId": "3283236A-30E7-4CD2-AA1F-F01D11E19B49", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "A152BAEC-0421-4866-AFF4-35643D5F2A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre3:*:*:*:*:*:*", "matchCriteriaId": "FDEF90A8-D762-46A1-ABA9-94FBB2EA410A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre4:*:*:*:*:*:*", "matchCriteriaId": "0888ECBC-BACC-43C7-81DA-DAE9DE3AA2D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre5:*:*:*:*:*:*", "matchCriteriaId": "6DB5E00B-21DE-4BF3-9E8D-B1F3439237AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre6:*:*:*:*:*:*", "matchCriteriaId": "F8E6EA02-2477-41D7-B5F8-AC0FDA22D6A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre7:*:*:*:*:*:*", "matchCriteriaId": "BAA2C877-F8FD-4E80-B1D2-5E038E8F8D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.0:pre8:*:*:*:*:*:*", "matchCriteriaId": "DAFF5605-080E-4862-BE61-DF6F8EBF500E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "30D11C30-589D-49FB-A7D4-A650CE7C4152", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D9D6016-246E-4465-A187-949971459750", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFE2E15D-0BC7-444F-BC95-4BB71B8F8292", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBEE22-776B-41C2-8208-174CD220B706", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "12ABBD41-3F0C-4F38-9A69-4F2DFE8581C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "46553D0D-D5E5-4DA3-AA7B-2ACAE979B005", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.4.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "0B092D16-2470-4DFD-BBD6-5AE1BBF9DF39", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9518145E-71BB-43AD-9245-86FAEB16B581", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AF8300C-C5DF-4D8C-8003-7FBEFF5BF442", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "436234FF-AB89-4725-8BB9-A8387ED43F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "413CBD76-067C-46B7-AF35-F17CA6863648", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2DF23DAA-549C-4C0A-BF8A-520859F78535", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB3B8AEA-C42D-4747-ADA7-87A398A245DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "26197CE2-9490-45F0-8750-ADAA8D208498", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "00B3D363-6B25-49FB-945A-AFC91613AAE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E5D5CAF-4D53-4D2C-A687-26B1BCE62203", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "83106BDD-01F5-4907-B411-47C17072CF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "BEDF1875-BAA4-4EC0-B509-AA46167423F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "316BF3BC-58A1-4826-A886-67BD85EFF55B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE1B0A79-3FC7-49DE-8662-8D1BB4D2902A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "01E7981F-ECDF-411E-B6FD-9201475F6310", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "292F39A0-F941-430F-B017-665DDB4BF66D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "68485230-2E38-4DC2-8E31-A54A9560B358", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FAC18E3-8A85-4B90-9181-1A47A4CB0CAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7951742E-FE25-4E8D-90CC-E0367E3ACA6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFE2F0F0-A67C-4C58-B3FB-3FFFB98E1AA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D12DD43C-B2DD-44C0-9390-826AB4F14BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8627CFD7-28DA-4AF6-8FCD-966D02DC4E5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "F63AC34D-B7C7-40F6-9D06-2583573FB24C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE92FBA1-66A6-4A63-A2C6-D0BCDC87124C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "028D1AB2-A58E-4558-8C0A-0B0F1BAA3F3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "A303E967-F7F1-46DB-90C5-98BACB1A0BC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "D86DE71D-8DA0-48CD-9226-86F1184EC403", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "77E2D302-D25B-4F75-850A-1C271D0F01F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "A3AB71D4-D6FA-42D0-910B-F698D0EA5B74", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "29266FBD-952D-46AE-9AAF-7367DBF5DAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "14DFC7A4-3072-4D3C-AD54-BEEED1BAE31F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "DBEBBC25-403B-4F93-BDF6-D88F0D50CFA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53A3F62-F27B-416D-BB95-40DF2DB5432C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.0:pre:*:*:*:*:*:*", "matchCriteriaId": "4CC17FCE-62DA-46C7-893D-82AC371EE0BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.0:rc:*:*:*:*:*:*", "matchCriteriaId": "C5F8DD74-C97C-4FC9-A865-E0701868B870", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D4C9628-95CF-4D8E-9DF2-5E1C873E122A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA21E9FD-6A42-4CC1-949E-63BDE1439ACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7FA9056-64DB-433E-976B-D29D6E76D2A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F5AF892E-7B20-4C3D-88DA-52B416DC22DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "25A734DE-75E0-4CA1-8BC5-CBA6C3F3FE98", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "00256BAB-09B8-4782-BD4E-615A15906712", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "C5725846-A7A3-4BD5-90FA-9B0D7E3E704C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "CCFE5954-7C13-4E8B-9F7D-C5A76DF9F9EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "27846C6A-BBB2-4F38-9F07-393FFD86F961", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "134246FC-02C1-44EF-8036-19D64F4BF4B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.0:pre:*:*:*:*:*:*", "matchCriteriaId": "98A93E12-4757-4FEA-A52F-DC65DAAA4D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "4078A13F-EC57-4B14-A174-D4C81C65BD91", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.0:rc:*:*:*:*:*:*", "matchCriteriaId": "E3CC989B-5096-4808-97C3-53AE567BA3A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7660A12A-FDF2-4FB5-930B-CCA0EEEB7A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "BDCF31D8-C35F-4529-88CA-0328B91DFB5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF821BDC-4F69-4744-8DF0-9D04099E280A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "93DB32B2-CB71-4FA1-815A-49A4F6526633", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E4E50AA-9355-43C3-8B85-3128C01FB1FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "677E3EB3-D48D-4373-B057-D3DE1CFD232C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "58D1120B-00DC-454A-B992-86A50C88F4F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "3CD9A1F3-03B5-4F31-A867-66781B15207B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "B274E653-0623-498C-ABE0-8A5DD6542AB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "4BB2EAB0-77A9-4C28-9A76-7CA1F3A22E58", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9F75863-B4EE-4CBF-B92B-B1F38DDCD167", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.0:pre:*:*:*:*:*:*", "matchCriteriaId": "2C856750-FF22-42EE-9D83-E1C69C806A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "B58B5D3E-C8FC-420B-A57B-636EC171D8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "02A08D27-F104-4426-862F-215771D5ED3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.0:rc:*:*:*:*:*:*", "matchCriteriaId": "88062782-02F9-40A1-B3D6-237CC7D4702F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E6DCC00-3926-4729-9036-ADC3EA02A3B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7B3AE39-00E1-42CE-8AAB-1E67EBD48831", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "896EB51D-86FB-41B3-A696-6D8448AD4E8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "8DC48E97-F810-42C5-9C1A-3694F9F1065F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7642E46A-76D2-4E0B-9985-F90A0293FBF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "70754708-B932-43D0-935C-032001DB2506", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "43B42932-17A9-412A-A017-833263EB18D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.11.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "37D618DE-CF7B-4615-A2B1-CB4863B84A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.11.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "24BE9DCE-FD61-4649-9030-BB28A1C04A2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BA7D0AA-8B2D-4B37-B918-11FE6EE02DFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "837D536B-DF9E-4B4F-86BD-A72CF7761AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D2F8E17-EE0E-4419-9B93-1978D8D1BAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "228F15C5-14E8-45B6-B30D-03FDA490F1F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "06D2091D-4C26-4988-845D-822258B3C691", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:rc:*:*:*:*:*:*", "matchCriteriaId": "3DD75073-8D32-4E51-BB41-AC23AF41BB27", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BEA8E40C-43D1-4EF8-9098-F25D82A1659F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "806C227A-6A80-40F2-9C3F-2CB357F91279", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "4614BF63-6790-4375-81AA-98304F8B189E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "485EC6D0-DCF2-45A9-B39B-829176A68C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "818FE73A-0DFC-4B41-813A-B7D41C3B691B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B0478DA-F347-4BEF-9EA0-C8BDAD884EA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "63464213-BCA7-4E2B-81B1-65B236CD3046", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "66728511-A759-4C99-AD08-B14D2F67A264", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "7AA09BD9-8E5B-46A1-B1E4-56F1889C850A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F2B2442-CA49-4388-B90A-30E596CD160D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "78668D39-98B7-4E59-B6D5-24070B70229F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8D4F8D56-AEAB-4245-B5FB-636B1972205F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F060C8D0-A439-473E-A259-5B5EDB6E4609", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "41DD45B9-9046-4DA3-B57B-73503AF81973", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A512E99-64AF-4D49-AC89-F5DD2E7F362A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CF74E16-2F49-4A03-A3AE-8A62361A9E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F0DF07D-705B-4E38-89A9-196CB1E8ED68", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "51C143D2-D4DD-4959-91FA-A9DC290BAB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bundler:bundler:1.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "6B60D111-ABE6-4C62-94B0-44085B5FB651", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334."}, {"lang": "es", "value": "Bundler 1.x podr\u00eda permitir a atacantes remotos inyectar c\u00f3digo Ruby arbitrario en una aplicaci\u00f3n aprovechando una colisi\u00f3n de nombres de gemas en una fuente secundaria. NOTA: esto podr\u00eda solapar CVE-2013-0334."}], "id": "CVE-2016-7954", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-22T22:59:00.123", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/5"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/7"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93423"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/bundler/bundler/issues/5051"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/bundler/bundler/issues/5062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/10/05/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93423"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/bundler/bundler/issues/5051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/bundler/bundler/issues/5062"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rubygem-bundler: Code execution via gem name collision in bundler", "id": "1381951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381951"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-94", "details": ["Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334."], "name": "CVE-2016-7954", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "rubygem-bundler", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "rubygem-bundler", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "rubygem-bundler", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "rubygem-bundler", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "rubygem-bundler", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby22-rubygem-bundler", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby23-rubygem-bundler", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby24-rubygem-bundler", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-bundler", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "rubygem-bundler", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2016-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7954\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7954\nhttps://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability\nhttps://github.com/bundler/bundler/issues/5051\nhttps://github.com/bundler/bundler/issues/5274"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}