Note: This list may be incomplete. Data is provided without warranty in its original format.
9.3
CVE-2020-36327
- EPSS 15.57%
- Published 29.04.2021 03:15:08
- Last modified 21.11.2024 05:29:17
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem t...
6.8
CVE-2021-24105
- EPSS 0.7%
- Published 25.02.2021 23:15:16
- Last modified 21.11.2024 05:52:21
Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertio...