pkg:RubyGems/bundler

5 total CVEs: CRITICAL 1, HIGH 2, MEDIUM 1

All known vulnerabilities

  • CRITICAL 9.8, CVE-2016-7954: Bundler allows attacker to inject arbitrary code via secondary Gem source
    >= 1.0.0, < 2.0.0
  • HIGH 8.8, CVE-2020-36327: Dependency Confusion in Bundler
    >= 1.16.0, < 2.2.10
  • HIGH 7.0, CVE-2019-3881: Insecure path handling in Bundler
    >= 1.14.0, < 2.1.0
  • MEDIUM 6.7, CVE-2021-43809: Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
    from 0, < 2.2.33
  • CVE-2013-0334: Bundler may install gems from a different source than expected
    from 0, < 1.7.0