ruby-bundler

Description: Manages an application's dependencies through its entire life, across many machines, systematically and repeatably.
Version:     2.3.10-1 [community]

Open

Group      Affected   Fixed      Severity   Status       Ticket
AVG-2615   2.2.26-1              Low        Vulnerable

Issue            Group      Severity   Remote   Type                          Description
CVE-2021-43809   AVG-2615   Low        Yes      Arbitrary command execution   In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfiles, it is not expected that they lead to execution of external...

Resolved

Group      Affected   Fixed      Severity   Status   Ticket
AVG-1891   2.2.17-1   2.2.18-1   Medium     Fixed

Issue            Group      Severity   Remote   Type                      Description
CVE-2020-36327   AVG-1891   Medium     Yes      Insufficient validation   Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a...

Advisories

Date          Advisory        Group      Severity   Type
01 Jun 2021   ASA-202106-14   AVG-1891   Medium     Insufficient validation