Vulnerability with bundler 2.2.10

Question

Vulnerability with bundler 2.2.10

ghbren opened this issue 3 years ago · comments

There is a vulnerability with bundler 2.2.10 that causes wrong gem versions to be installed.
Please see rubygems/rubygems#4383

Could you add it to the DB? Thanks.

Reed Loden · Answer 1 · Sun Feb 21 2021 14:47:26 GMT+0800 (China Standard Time)

I don't see where rubygems is treating that as a security issue. Can you follow the directions at https://rubygems.org/pages/security and report the issue to them? To add something to the ruby-advisory-db, we need an advisory ID such as CVE ID or GHSA ID.

Reed Loden · Answer 2 · Sat Mar 20 2021 06:23:15 GMT+0800 (China Standard Time)

Closing due to lack of response.