AVG-1891 log

Package ruby-bundler
Status Fixed
Severity Medium
Type insufficient validation
Affected 2.2.17-1
Fixed 2.2.18-1
Current 2.3.25-1 [community]
Ticket None
Created Thu Apr 29 12:49:26 2021
Issue Severity Remote Type Description
CVE-2020-36327 Medium Yes Insufficient validation
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a...
Date Advisory Package Type
01 Jun 2021 ASA-202106-14 ruby-bundler insufficient validation