CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
| Software | From | Fixed in |
|---|---|---|
| bundler / bundler | 1.3.0-pre | 1.3.0-pre.x |
| bundler / bundler | 1.12.2 | 1.12.2.x |
| bundler / bundler | 1.13.2 | 1.13.2.x |
| bundler / bundler | 1.6.4 | 1.6.4.x |
| bundler / bundler | 1.8.6 | 1.8.6.x |
| bundler / bundler | 1.0.7 | 1.0.7.x |
| bundler / bundler | 1.7.0 | 1.7.0.x |
| bundler / bundler | 1.12.0 | 1.12.0.x |
| bundler / bundler | 1.0.20-rc | 1.0.20-rc.x |
| bundler / bundler | 1.0.1 | 1.0.1.x |
| bundler / bundler | 1.12.1 | 1.12.1.x |
| bundler / bundler | 1.11.0 | 1.11.0.x |
| bundler / bundler | 1.7.3 | 1.7.3.x |
| bundler / bundler | 1.7.13 | 1.7.13.x |
| bundler / bundler | 1.5.2 | 1.5.2.x |
| bundler / bundler | 1.10.6 | 1.10.6.x |
| bundler / bundler | 1.1.0 | 1.1.0.x |
| bundler / bundler | 1.12.0-rc | 1.12.0-rc.x |
| bundler / bundler | 1.8.0-rc | 1.8.0-rc.x |
| bundler / bundler | 1.3.4 | 1.3.4.x |
| bundler / bundler | 1.13.1 | 1.13.1.x |
| bundler / bundler | 1.2.0 | 1.2.0.x |
| bundler / bundler | 1.9.0-rc | 1.9.0-rc.x |
| bundler / bundler | 1.9.7 | 1.9.7.x |
| bundler / bundler | 1.3.6 | 1.3.6.x |
| bundler / bundler | 1.1.1 | 1.1.1.x |
| bundler / bundler | 1.8.3 | 1.8.3.x |
| bundler / bundler | 1.7.7 | 1.7.7.x |
| bundler / bundler | 1.7.1 | 1.7.1.x |
| bundler / bundler | 1.9.2 | 1.9.2.x |
| bundler / bundler | 1.0.14 | 1.0.14.x |
| bundler / bundler | 1.9.9 | 1.9.9.x |
| bundler / bundler | 1.10.5 | 1.10.5.x |
| bundler / bundler | 1.8.5 | 1.8.5.x |
| bundler / bundler | 1.9.8 | 1.9.8.x |
| bundler / bundler | 1.5.1 | 1.5.1.x |
| bundler / bundler | 1.0.2 | 1.0.2.x |
| bundler / bundler | 1.3.3 | 1.3.3.x |
| bundler / bundler | 1.10.0-rc | 1.10.0-rc.x |
| bundler / bundler | 1.10.2 | 1.10.2.x |
| bundler / bundler | 1.8.0-pre | 1.8.0-pre.x |
| bundler / bundler | 1.0.21 | 1.0.21.x |
| bundler / bundler | 1.13.4 | 1.13.4.x |
| bundler / bundler | 1.1.5 | 1.1.5.x |
| bundler / bundler | 1.3.2 | 1.3.2.x |
| bundler / bundler | 1.0.6 | 1.0.6.x |
| bundler / bundler | 1.0.10 | 1.0.10.x |
| bundler / bundler | 1.10.4 | 1.10.4.x |
| bundler / bundler | 1.2.0-rc | 1.2.0-rc.x |
| bundler / bundler | 1.7.9 | 1.7.9.x |
| bundler / bundler | 1.12.6 | 1.12.6.x |
| bundler / bundler | 1.0.12 | 1.0.12.x |
| bundler / bundler | 1.0.19-rc | 1.0.19-rc.x |
| bundler / bundler | 1.1.3 | 1.1.3.x |
| bundler / bundler | 1.6.2 | 1.6.2.x |
| bundler / bundler | 1.9.1 | 1.9.1.x |
| bundler / bundler | 1.7.2 | 1.7.2.x |
| bundler / bundler | 1.5.0 | 1.5.0.x |
| bundler / bundler | 1.0.13 | 1.0.13.x |
| bundler / bundler | 1.8.8 | 1.8.8.x |
| bundler / bundler | 1.6.5 | 1.6.5.x |
| bundler / bundler | 1.13.5 | 1.13.5.x |
| bundler / bundler | 1.7.11 | 1.7.11.x |
| bundler / bundler | 1.7.8 | 1.7.8.x |
| bundler / bundler | 1.1.4 | 1.1.4.x |
| bundler / bundler | 1.0.5 | 1.0.5.x |
| bundler / bundler | 1.0.0 | 1.0.0.x |
| bundler / bundler | 1.7.10 | 1.7.10.x |
| bundler / bundler | 1.7.12 | 1.7.12.x |
| bundler / bundler | 1.7.6 | 1.7.6.x |
| bundler / bundler | 1.8.2 | 1.8.2.x |
| bundler / bundler | 1.10.1 | 1.10.1.x |
| bundler / bundler | 1.9.10 | 1.9.10.x |
| bundler / bundler | 1.0.20 | 1.0.20.x |
| bundler / bundler | 1.2.2 | 1.2.2.x |
| bundler / bundler | 1.12.5 | 1.12.5.x |
| bundler / bundler | 1.2.4 | 1.2.4.x |
| bundler / bundler | 1.13.6 | 1.13.6.x |
| bundler / bundler | 1.8.9 | 1.8.9.x |
| bundler / bundler | 1.2.3 | 1.2.3.x |
| bundler / bundler | 1.0.8 | 1.0.8.x |
| bundler / bundler | 1.3.1 | 1.3.1.x |
| bundler / bundler | 1.5.3 | 1.5.3.x |
| bundler / bundler | 1.1-rc | 1.1-rc.x |
| bundler / bundler | 1.6.7 | 1.6.7.x |
| bundler / bundler | 1.0.4 | 1.0.4.x |
| bundler / bundler | 1.6.1 | 1.6.1.x |
| bundler / bundler | 1.0.11 | 1.0.11.x |
| bundler / bundler | 1.9.5 | 1.9.5.x |
| bundler / bundler | 1.10.0 | 1.10.0.x |
| bundler / bundler | 1.9.6 | 1.9.6.x |
| bundler / bundler | 1.11.1 | 1.11.1.x |
| bundler / bundler | 1.0.16 | 1.0.16.x |
| bundler / bundler | 1.12.3 | 1.12.3.x |
| bundler / bundler | 1.1.2 | 1.1.2.x |
| bundler / bundler | 1.9.0 | 1.9.0.x |
| bundler / bundler | 1.0.21-rc | 1.0.21-rc.x |
| bundler / bundler | 1.0.17 | 1.0.17.x |
| bundler / bundler | 1.8.0 | 1.8.0.x |
| bundler / bundler | 1.8.4 | 1.8.4.x |
| bundler / bundler | 1.2.1 | 1.2.1.x |
| bundler / bundler | 1.3.5 | 1.3.5.x |
| bundler / bundler | 1.7.4 | 1.7.4.x |
| bundler / bundler | 1.2.5 | 1.2.5.x |
| bundler / bundler | 1.8.7 | 1.8.7.x |
| bundler / bundler | 1.0.3 | 1.0.3.x |
| bundler / bundler | 1.13.0 | 1.13.0.x |
| bundler / bundler | 1.3.0 | 1.3.0.x |
| bundler / bundler | 1.7.15 | 1.7.15.x |
| bundler / bundler | 1.0.15 | 1.0.15.x |
| bundler / bundler | 1.0.18 | 1.0.18.x |
| bundler / bundler | 1.12.4 | 1.12.4.x |
| bundler / bundler | 1.8.1 | 1.8.1.x |
| bundler / bundler | 1.6.6 | 1.6.6.x |
| bundler / bundler | 1.10.3 | 1.10.3.x |
| bundler / bundler | 1.11.2 | 1.11.2.x |
| bundler / bundler | 1.2.0-pre | 1.2.0-pre.x |
| bundler / bundler | 1.13.3 | 1.13.3.x |
| bundler / bundler | 1.7.14 | 1.7.14.x |
| bundler / bundler | 1.9.0-pre | 1.9.0-pre.x |
| bundler / bundler | 1.9.4 | 1.9.4.x |
| bundler / bundler | 1.10.0-pre | 1.10.0-pre.x |
| bundler / bundler | 1.1-pre | 1.1-pre.x |
| bundler / bundler | 1.6.3 | 1.6.3.x |
| bundler / bundler | 1.6.0 | 1.6.0.x |
| bundler / bundler | 1.9.3 | 1.9.3.x |
| bundler / bundler | 1.0.9 | 1.0.9.x |
| bundler / bundler | 1.7.5 | 1.7.5.x |
| bundler / bundler | 1.0.0-beta1 | 1.0.0-beta1.x |
| bundler / bundler | 1.0.0-beta10 | 1.0.0-beta10.x |
| bundler / bundler | 1.0.0-beta6 | 1.0.0-beta6.x |
| bundler / bundler | 1.0.0-beta7 | 1.0.0-beta7.x |
| bundler / bundler | 1.0.0-beta8 | 1.0.0-beta8.x |
| bundler / bundler | 1.0.0-beta9 | 1.0.0-beta9.x |
| bundler / bundler | 1.0.0-rc1 | 1.0.0-rc1.x |
| bundler / bundler | 1.0.0-rc2 | 1.0.0-rc2.x |
| bundler / bundler | 1.0.0-rc3 | 1.0.0-rc3.x |
| bundler / bundler | 1.0.0-rc4 | 1.0.0-rc4.x |
| bundler / bundler | 1.0.0-rc5 | 1.0.0-rc5.x |
| bundler / bundler | 1.0.0-rc6 | 1.0.0-rc6.x |
| bundler / bundler | 1.1-pre1 | 1.1-pre1.x |
| bundler / bundler | 1.1-pre10 | 1.1-pre10.x |
| bundler / bundler | 1.1-pre2 | 1.1-pre2.x |
| bundler / bundler | 1.1-pre3 | 1.1-pre3.x |
| bundler / bundler | 1.1-pre4 | 1.1-pre4.x |
| bundler / bundler | 1.1-pre5 | 1.1-pre5.x |
| bundler / bundler | 1.1-pre6 | 1.1-pre6.x |
| bundler / bundler | 1.1-pre7 | 1.1-pre7.x |
| bundler / bundler | 1.1-pre8 | 1.1-pre8.x |
| bundler / bundler | 1.1-pre9 | 1.1-pre9.x |
| bundler / bundler | 1.1-rc2 | 1.1-rc2.x |
| bundler / bundler | 1.1-rc3 | 1.1-rc3.x |
| bundler / bundler | 1.1-rc4 | 1.1-rc4.x |
| bundler / bundler | 1.1-rc5 | 1.1-rc5.x |
| bundler / bundler | 1.1-rc6 | 1.1-rc6.x |
| bundler / bundler | 1.1-rc7 | 1.1-rc7.x |
| bundler / bundler | 1.1-rc8 | 1.1-rc8.x |
| bundler / bundler | 1.2.0-pre1 | 1.2.0-pre1.x |
| bundler / bundler | 1.2.0-rc2 | 1.2.0-rc2.x |
| bundler / bundler | 1.3.0-pre2 | 1.3.0-pre2.x |
| bundler / bundler | 1.3.0-pre3 | 1.3.0-pre3.x |
| bundler / bundler | 1.3.0-pre4 | 1.3.0-pre4.x |
| bundler / bundler | 1.3.0-pre5 | 1.3.0-pre5.x |
| bundler / bundler | 1.3.0-pre6 | 1.3.0-pre6.x |
| bundler / bundler | 1.3.0-pre7 | 1.3.0-pre7.x |
| bundler / bundler | 1.3.0-pre8 | 1.3.0-pre8.x |
| bundler / bundler | 1.4.0-pre1 | 1.4.0-pre1.x |
| bundler / bundler | 1.4.0-rc1 | 1.4.0-rc1.x |
| bundler / bundler | 1.5.0-rc1 | 1.5.0-rc1.x |
| bundler / bundler | 1.5.0-rc2 | 1.5.0-rc2.x |
| bundler / bundler | 1.9.0-pre1 | 1.9.0-pre1.x |
| bundler / bundler | 1.10.0-pre1 | 1.10.0-pre1.x |
| bundler / bundler | 1.10.0-pre2 | 1.10.0-pre2.x |
| bundler / bundler | 1.11.0-pre1 | 1.11.0-pre1.x |
| bundler / bundler | 1.11.0-pre2 | 1.11.0-pre2.x |
| bundler / bundler | 1.12.0-pre1 | 1.12.0-pre1.x |
| bundler / bundler | 1.12.0-pre2 | 1.12.0-pre2.x |
| bundler / bundler | 1.12.0-rc2 | 1.12.0-rc2.x |
| bundler / bundler | 1.12.0-rc3 | 1.12.0-rc3.x |
| bundler / bundler | 1.12.0-rc4 | 1.12.0-rc4.x |
| bundler / bundler | 1.13.0-pre1 | 1.13.0-pre1.x |
| bundler / bundler | 1.13.0-rc1 | 1.13.0-rc1.x |
| bundler / bundler | 1.13.0-rc2 | 1.13.0-rc2.x |
- http://collectiveidea.com/blog/archives/2016/10/06/bundlers-multiple-source-security-vulnerability/
- http://www.openwall.com/lists/oss-security/2016/10/04/5
- http://www.openwall.com/lists/oss-security/2016/10/04/7
- http://www.openwall.com/lists/oss-security/2016/10/05/3
- http://www.securityfocus.com/bid/93423
- https://bugzilla.redhat.com/show_bug.cgi?id=1381951
- https://github.com/bundler/bundler/issues/5051
- https://github.com/bundler/bundler/issues/5062
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime