CVE-2021-43809 - `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2

CVE-2021-43809

Summary

`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code.

References

Vulnerable Configurations

cpe:2.3:a:bundler:bundler:0.3.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.3.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.4.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.4.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.4.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.4.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.5.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.5.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.6.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.6.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.7.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.7.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.7.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.7.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.8.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.8.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.8.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.8.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.8.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.8.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:pre5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.0:pre5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.16:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.16:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.17:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.17:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.18:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.18:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.19:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.19:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.20:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.20:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.21:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.21:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.22:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.22:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.23:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.23:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.24:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.24:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.25:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.25:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.26:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:0.9.26:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta10:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta10:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta9:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:beta9:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.0:rc6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.16:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.16:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.17:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.17:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.18:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.18:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.19:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.19:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.20:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.20:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.20:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.20:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.21:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.21:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.21:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.21:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.21.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.21.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.22:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.0.22:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre10:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre10:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre9:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:pre9:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1:rc8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.1.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.2.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre5:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre6:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre7:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.0:pre8:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.3.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.4.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.4.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.4.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.4.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.4.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.4.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.5.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.6.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.1:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.7.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.8.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.9.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:pre:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.10.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.11.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.0:rc4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.12.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.13.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.14.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.0:pre4:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.15.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.16.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:1.17.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.0:pre3:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.0.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.0:pre1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.0:pre2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.1.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.0:-:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.0:rc1:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.0:rc2:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.1:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.2:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.3:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.4:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.5:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.6:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.7:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.8:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.9:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.10:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.11:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.12:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.13:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.14:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.15:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.16:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.16:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.17:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.17:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.18:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.18:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.19:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.19:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.20:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.20:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.21:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.21:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.22:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.22:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.23:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.23:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.24:*:*:*:*:ruby:*:*
cpe:2.3:a:bundler:bundler:2.2.24:*:*:*:*:ruby:*:*

CVSS

Base:	9.3 (as of 27-10-2023 - 12:57)
Impact:
Exploitability:

CWE

CWE-88

CAPEC

OS Command Injection
In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Parameter Injection
An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value "myInput&new_param=myValue", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example.
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system.
HTTP Parameter Pollution (HPP)
An attacker overrides or adds HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP parameters, modify the application behaviors, access and, potentially exploit, uncontrollable variables, and bypass input validation checkpoints and WAF rules.
Flash Parameter Injection
An adversary takes advantage of improper data validation to inject malicious global parameters into a Flash file embedded within an HTML document. Flash files can leverage user-submitted data to configure the Flash document and access the embedding HTML document. These 'FlashVars' are most often passed to the Flash file via URL arguments or from the Object or Embed tag within the embedding HTML document. If these FlashVars are not properly sanitized, an adversary may be able to embed malicious content (such as scripts) into the HTML document. The injected parameters can also provide the adversary control over other objects within the Flash file as well as full control over the parent document's DOM model. As such, this is a form of HTTP parameter injection, but the abilities granted to the Flash document (such as access to a page's document model, including associated cookies) make this attack more flexible. Flash Parameter Injection attacks can also preface further attacks such as various forms of Cross-Site Scripting (XSS) attacks in addition to Session Hijacking attacks.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

Last major update

27-10-2023 - 12:57

Published

08-12-2021 - 19:15

Last modified

27-10-2023 - 12:57