What the vulnerability does

01Description

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Key dates

02Disclosure timeline

August 31, 2017 CVE published
September 17, 2024 Record updated