Vulnerability with bundler 2.2.10
ghbren opened this issue
ghbren commented
There is a vulnerability with bundler 2.2.10 that causes wrong gem versions to be installed.
Please see rubygems/rubygems#4383
Could you add it to the DB? Thanks.
Reed Loden commented
I don't see where rubygems is treating that as a security issue. Can you follow the directions at https://rubygems.org/pages/security and report the issue to them? To add something to the ruby-advisory-db, we need an advisory ID such as a CVE ID or GHSA ID.
Reed Loden commented
Closing due to lack of response.