Bundler
CVE-2013-0334
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
AnalysisAI
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Affected products include: Bundler, Opensuse, Fedoraproject Fedora. Version information: before 1.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name coll
`Bundler` is a package for managing application dependencies in Ruby. Rated high severity (CVSS 7.3), this vulnerability
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today