CVE-2016-7954

EUVD-2022-4435
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
bundlerbundler
1.0.0
bundlerbundler
1.0.0:beta1
bundlerbundler
1.0.0:beta10
bundlerbundler
1.0.0:beta6
bundlerbundler
1.0.0:beta7
bundlerbundler
1.0.0:beta8
bundlerbundler
1.0.0:beta9
bundlerbundler
1.0.0:rc1
bundlerbundler
1.0.0:rc2
bundlerbundler
1.0.0:rc3
bundlerbundler
1.0.0:rc4
bundlerbundler
1.0.0:rc5
bundlerbundler
1.0.0:rc6
bundlerbundler
1.0.1
bundlerbundler
1.0.2
bundlerbundler
1.0.3
bundlerbundler
1.0.4
bundlerbundler
1.0.5
bundlerbundler
1.0.6
bundlerbundler
1.0.7
bundlerbundler
1.0.8
bundlerbundler
1.0.9
bundlerbundler
1.0.10
bundlerbundler
1.0.11
bundlerbundler
1.0.12
bundlerbundler
1.0.13
bundlerbundler
1.0.14
bundlerbundler
1.0.15
bundlerbundler
1.0.16
bundlerbundler
1.0.17
bundlerbundler
1.0.18
bundlerbundler
1.0.19:rc
bundlerbundler
1.0.20
bundlerbundler
1.0.20:rc
bundlerbundler
1.0.21
bundlerbundler
1.0.21:rc
bundlerbundler
1.1:pre
bundlerbundler
1.1:pre1
bundlerbundler
1.1:pre10
bundlerbundler
1.1:pre2
bundlerbundler
1.1:pre3
bundlerbundler
1.1:pre4
bundlerbundler
1.1:pre5
bundlerbundler
1.1:pre6
bundlerbundler
1.1:pre7
bundlerbundler
1.1:pre8
bundlerbundler
1.1:pre9
bundlerbundler
1.1:rc
bundlerbundler
1.1:rc2
bundlerbundler
1.1:rc3
bundlerbundler
1.1:rc4
bundlerbundler
1.1:rc5
bundlerbundler
1.1:rc6
bundlerbundler
1.1:rc7
bundlerbundler
1.1:rc8
bundlerbundler
1.1.0
bundlerbundler
1.1.1
bundlerbundler
1.1.2
bundlerbundler
1.1.3
bundlerbundler
1.1.4
bundlerbundler
1.1.5
bundlerbundler
1.2.0
bundlerbundler
1.2.0:pre
bundlerbundler
1.2.0:pre1
bundlerbundler
1.2.0:rc
bundlerbundler
1.2.0:rc2
bundlerbundler
1.2.1
bundlerbundler
1.2.2
bundlerbundler
1.2.3
bundlerbundler
1.2.4
bundlerbundler
1.2.5
bundlerbundler
1.3.0
bundlerbundler
1.3.0:pre
bundlerbundler
1.3.0:pre2
bundlerbundler
1.3.0:pre3
bundlerbundler
1.3.0:pre4
bundlerbundler
1.3.0:pre5
bundlerbundler
1.3.0:pre6
bundlerbundler
1.3.0:pre7
bundlerbundler
1.3.0:pre8
bundlerbundler
1.3.1
bundlerbundler
1.3.2
bundlerbundler
1.3.3
bundlerbundler
1.3.4
bundlerbundler
1.3.5
bundlerbundler
1.3.6
bundlerbundler
1.4.0:pre1
bundlerbundler
1.4.0:rc1
bundlerbundler
1.5.0
bundlerbundler
1.5.0:rc1
bundlerbundler
1.5.0:rc2
bundlerbundler
1.5.1
bundlerbundler
1.5.2
bundlerbundler
1.5.3
bundlerbundler
1.6.0
bundlerbundler
1.6.1
bundlerbundler
1.6.2
bundlerbundler
1.6.3
bundlerbundler
1.6.4
bundlerbundler
1.6.5
bundlerbundler
1.6.6
bundlerbundler
1.6.7
bundlerbundler
1.7.0
bundlerbundler
1.7.1
bundlerbundler
1.7.2
bundlerbundler
1.7.3
bundlerbundler
1.7.4
bundlerbundler
1.7.5
bundlerbundler
1.7.6
bundlerbundler
1.7.7
bundlerbundler
1.7.8
bundlerbundler
1.7.9
bundlerbundler
1.7.10
bundlerbundler
1.7.11
bundlerbundler
1.7.12
bundlerbundler
1.7.13
bundlerbundler
1.7.14
bundlerbundler
1.7.15
bundlerbundler
1.8.0
bundlerbundler
1.8.0:pre
bundlerbundler
1.8.0:rc
bundlerbundler
1.8.1
bundlerbundler
1.8.2
bundlerbundler
1.8.3
bundlerbundler
1.8.4
bundlerbundler
1.8.5
bundlerbundler
1.8.6
bundlerbundler
1.8.7
bundlerbundler
1.8.8
bundlerbundler
1.8.9
bundlerbundler
1.9.0
bundlerbundler
1.9.0:pre
bundlerbundler
1.9.0:pre1
bundlerbundler
1.9.0:rc
bundlerbundler
1.9.1
bundlerbundler
1.9.2
bundlerbundler
1.9.3
bundlerbundler
1.9.4
bundlerbundler
1.9.5
bundlerbundler
1.9.6
bundlerbundler
1.9.7
bundlerbundler
1.9.8
bundlerbundler
1.9.9
bundlerbundler
1.9.10
bundlerbundler
1.10.0
bundlerbundler
1.10.0:pre
bundlerbundler
1.10.0:pre1
bundlerbundler
1.10.0:pre2
bundlerbundler
1.10.0:rc
bundlerbundler
1.10.1
bundlerbundler
1.10.2
bundlerbundler
1.10.3
bundlerbundler
1.10.4
bundlerbundler
1.10.5
bundlerbundler
1.10.6
bundlerbundler
1.11.0
bundlerbundler
1.11.0:pre1
bundlerbundler
1.11.0:pre2
bundlerbundler
1.11.1
bundlerbundler
1.11.2
bundlerbundler
1.12.0
bundlerbundler
1.12.0:pre1
bundlerbundler
1.12.0:pre2
bundlerbundler
1.12.0:rc
bundlerbundler
1.12.0:rc2
bundlerbundler
1.12.0:rc3
bundlerbundler
1.12.0:rc4
bundlerbundler
1.12.1
bundlerbundler
1.12.2
bundlerbundler
1.12.3
bundlerbundler
1.12.4
bundlerbundler
1.12.5
bundlerbundler
1.12.6
bundlerbundler
1.13.0
bundlerbundler
1.13.0:pre1
bundlerbundler
1.13.0:rc1
bundlerbundler
1.13.0:rc2
bundlerbundler
1.13.1
bundlerbundler
1.13.2
bundlerbundler
1.13.3
bundlerbundler
1.13.4
bundlerbundler
1.13.5
bundlerbundler
1.13.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bundler
artful
ignored
bionic
deferred
cosmic
ignored
disco
ignored
eoan
ignored
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
precise
dne
trusty
dne
xenial
deferred
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/
http://www.openwall.com/lists/oss-security/2016/10/04/5
http://www.openwall.com/lists/oss-security/2016/10/04/7
http://www.openwall.com/lists/oss-security/2016/10/05/3
http://www.securityfocus.com/bid/93423
https://bugzilla.redhat.com/show_bug.cgi?id=1381951
https://github.com/bundler/bundler/issues/5051
https://github.com/bundler/bundler/issues/5062
http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/
http://www.openwall.com/lists/oss-security/2016/10/04/5
http://www.openwall.com/lists/oss-security/2016/10/04/7
http://www.openwall.com/lists/oss-security/2016/10/05/3
http://www.securityfocus.com/bid/93423
https://bugzilla.redhat.com/show_bug.cgi?id=1381951
https://github.com/bundler/bundler/issues/5051
https://github.com/bundler/bundler/issues/5062