Attacker Value
Unknown
CVE-2016-7954
CVE-2016-7954
(Last updated October 05, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- bundler
Products
- bundler 1.0.0,
- bundler 1.0.1,
- bundler 1.0.10,
- bundler 1.0.11,
- bundler 1.0.12,
- bundler 1.0.13,
- bundler 1.0.14,
- bundler 1.0.15,
- bundler 1.0.16,
- bundler 1.0.17,
- bundler 1.0.18,
- bundler 1.0.19,
- bundler 1.0.2,
- bundler 1.0.20,
- bundler 1.0.21,
- bundler 1.0.3,
- bundler 1.0.4,
- bundler 1.0.5,
- bundler 1.0.6,
- bundler 1.0.7,
- bundler 1.0.8,
- bundler 1.0.9,
- bundler 1.1,
- bundler 1.1.0,
- bundler 1.1.1,
- bundler 1.1.2,
- bundler 1.1.3,
- bundler 1.1.4,
- bundler 1.1.5,
- bundler 1.10.0,
- bundler 1.10.1,
- bundler 1.10.2,
- bundler 1.10.3,
- bundler 1.10.4,
- bundler 1.10.5,
- bundler 1.10.6,
- bundler 1.11.0,
- bundler 1.11.1,
- bundler 1.11.2,
- bundler 1.12.0,
- bundler 1.12.1,
- bundler 1.12.2,
- bundler 1.12.3,
- bundler 1.12.4,
- bundler 1.12.5,
- bundler 1.12.6,
- bundler 1.13.0,
- bundler 1.13.1,
- bundler 1.13.2,
- bundler 1.13.3,
- bundler 1.13.4,
- bundler 1.13.5,
- bundler 1.13.6,
- bundler 1.2.0,
- bundler 1.2.1,
- bundler 1.2.2,
- bundler 1.2.3,
- bundler 1.2.4,
- bundler 1.2.5,
- bundler 1.3.0,
- bundler 1.3.1,
- bundler 1.3.2,
- bundler 1.3.3,
- bundler 1.3.4,
- bundler 1.3.5,
- bundler 1.3.6,
- bundler 1.4.0,
- bundler 1.5.0,
- bundler 1.5.1,
- bundler 1.5.2,
- bundler 1.5.3,
- bundler 1.6.0,
- bundler 1.6.1,
- bundler 1.6.2,
- bundler 1.6.3,
- bundler 1.6.4,
- bundler 1.6.5,
- bundler 1.6.6,
- bundler 1.6.7,
- bundler 1.7.0,
- bundler 1.7.1,
- bundler 1.7.10,
- bundler 1.7.11,
- bundler 1.7.12,
- bundler 1.7.13,
- bundler 1.7.14,
- bundler 1.7.15,
- bundler 1.7.2,
- bundler 1.7.3,
- bundler 1.7.4,
- bundler 1.7.5,
- bundler 1.7.6,
- bundler 1.7.7,
- bundler 1.7.8,
- bundler 1.7.9,
- bundler 1.8.0,
- bundler 1.8.1,
- bundler 1.8.2,
- bundler 1.8.3,
- bundler 1.8.4,
- bundler 1.8.5,
- bundler 1.8.6,
- bundler 1.8.7,
- bundler 1.8.8,
- bundler 1.8.9,
- bundler 1.9.0,
- bundler 1.9.1,
- bundler 1.9.10,
- bundler 1.9.2,
- bundler 1.9.3,
- bundler 1.9.4,
- bundler 1.9.5,
- bundler 1.9.6,
- bundler 1.9.7,
- bundler 1.9.8,
- bundler 1.9.9
References
Advisory
