Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2016-12-22	CVE-2016-7954	Code Injection vulnerability in Bundler Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. network low complexity bundler CWE-94 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.