ruby-bundler

Description: Manages an application's dependencies through its entire life, across many machines, systematically and repeatably.
Version: 2.2.26-1 [community]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-1891 | 2.2.17-1 | 2.2.18-1 | Medium | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2020-36327 | AVG-1891 | Medium | Yes | Insufficient validation | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a...

Advisories

Date | Advisory | Group | Severity | Type
01 Jun 2021 | ASA-202106-14 | AVG-1891 | Medium | insufficient validation