CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-1000037

RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution

Exploit prediction scoring system (EPSS) score

EPSS Score 0.217

EPSS Ranking 95.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/justinsteven/advisories/blob/master/2017_rvm_cd_command_execution.md
https://github.com/justinsteven/advisories/blob/master/2017_rvm_cd_command_execution.md

Products affected by CVE-2017-1000037

Rvm Project » Rvm » Version: 1.28.0

cpe:2.3:a:rvm_project:rvm:1.28.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-1000037

Products

Pricing

Contact Us