VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Microsoft
> Package Manager Configurations
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-04-29
CVE-2020-36327
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.
network
low complexity
bundler
fedoraproject
microsoft
8.8
8.8