CVE-2017-1000037
Last modified
CVE-2017-1000037 is a vulnerability of currently unknown severity. RVM automatically loads environment variables from files in $PWD, resulting in command execution. RVM is vulnerable to command injection when automatically loading environment variables from files in $PWD. RVM automatically executes hooks located in $PWD, resulting in code execution. RVM automatically installs gems as specified by files in $PWD, resulting in code execution. RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD, resulting in code execution. EPSS estimates a 6.18% chance of exploitation in the next 30 days.
Description
- RVM automatically loads environment variables from files in $PWD, resulting in command execution.
- RVM is vulnerable to command injection when automatically loading environment variables from files in $PWD.
- RVM automatically executes hooks located in $PWD, resulting in code execution.
- RVM automatically installs gems as specified by files in $PWD, resulting in code execution.
- RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD, resulting in code execution.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rvm Project | Rvm | <= 1.28.0 |
References
- https://github.com/justinsteven/advisories/blob/master/2017_rvm_cd_command_execution.md (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
