RubySec

Providing security resources for the Ruby community

CVE-2013-0334 (bundler): Bundler Gem for Ruby Multiple Top-level Source Lines Gemfile Handling Gem Installation Spoofing

GEM

bundler

SEVERITY

CVSS v2: 5.0

PATCHED VERSIONS

  • >= 1.7.0

DESCRIPTION

Bundler Gem for Ruby contains a flaw that is triggered when handling a Gemfile that contains multiple top-level source lines. This may allow a context-dependent attacker to install specially crafted gems on a remote system, leading to arbitrary code execution.
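The risky configuration is a Gemfile that lists two or more top-level source lines, since a gem that is not pinned to one of them may be resolved from whichever source claims to have it. The following is an added example, not Bundler's own code: a small audit that evaluates a Gemfile with a stub DSL, flags that pattern, and shows the corrected form that pins each gem to a single source (the class, function and sample Gemfiles are constructed for this example).

```ruby
# Added example, not Bundler's own code: a small Gemfile linter that flags the
# advisory's risky pattern (several top-level `source` lines plus gems pinned to
# none of them) and accepts Bundler's scoped forms, `source "..." do ... end`
# and `gem "...", source: "..."`. Assumes the Gemfile uses only the calls below.
class GemfileSourceAudit
  attr_reader :top_level_sources, :unscoped_gems, :scoped_gems
  def initialize
    @top_level_sources = []  # every bare `source "..."` line
    @unscoped_gems = []      # gems resolvable from any top-level source
    @scoped_gems = []        # gems pinned to exactly one source
    @scope = nil             # URL of the enclosing `source ... do` block
  end

  # A bare `source` adds another global source; with a block it pins the gems
  # declared inside to that one server.
  def source(url)
    return @top_level_sources << url unless block_given?
    previous, @scope = @scope, url
    yield
    @scope = previous
  end
  def gem(name, *_version_reqs, **opts)
    (opts[:source] || @scope ? @scoped_gems : @unscoped_gems) << name
  end
  # `ruby`, `group`, `gemspec` and similar calls do not affect this check.
  def method_missing(_name, *_args)
    yield if block_given?
  end
  # Risky state: two or more global sources could each serve an unscoped gem.
  def ambiguous?
    @top_level_sources.size > 1 && !@unscoped_gems.empty?
  end
end

def audit_gemfile(text)
  GemfileSourceAudit.new.tap { |a| a.instance_eval(text, "Gemfile") }
end

# Constructed sample Gemfiles, not from any real project.
WEAK_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.internal"
  gem "rails"
  gem "internal-billing"
GEMFILE
FIXED_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails"
  source "https://gems.example.internal" do
    gem "internal-billing"
  end
GEMFILE
```

Running audit_gemfile(WEAK_GEMFILE).ambiguous? returns true, while the fixed Gemfile keeps a single top-level source and pins the internal gem to its own server.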