Allele Security Alert
Escape sequence injection vulnerability in verbose
RubyGems 2.6 and later through 3.0.2
Proof of concept
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
March 2019 Security Advisories
Clean ascii escape sequence polluted messages processed by Gem::UserInteraction#verbose
Fix missing closing parenthesis in Gem::UserInteraction#verbose
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 19, 2019