Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
RubyGems Deserialization of Untrusted Data Vulnerability - CVE-2017-0903 - Vulnerability Database
RubyGems

RubyGems Deserialization of Untrusted Data Vulnerability - CVE-2017-0903

Critical
Reference: CVE-2017-0903
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-0903
Title: RubyGems Deserialization of Untrusted Data Vulnerability
Overview:

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.