ByteOS Network

CWE-150:Improper Neutralization of Escape, Meta, or Control Sequences

Weakness ID:150

Version:v4.17

Weakness Name:Improper Neutralization of Escape, Meta, or Control Sequences

Vulnerability Mapping:Allowed

Abstraction:Variant

Structure:Simple

Status:Incomplete

Details Content History Observed CVE Examples Reports

51Vulnerabilities found

CVE-2017-0899

Assigner-HackerOne

View Details

Assigner-HackerOne

CVSS Score-9.8||CRITICAL

EPSS-9.53% / 92.95%

7 Day CHG+2.17%

Published-31 Aug, 2017 | 20:00

Updated-13 May, 2026 | 00:24

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

Vendor-rubygems HackerOne Red Hat, Inc.Debian GNU/Linux

Product-debian_linux enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_tus enterprise_linux_desktop rubygems enterprise_linux_server_eus enterprise_linux_server_aus RubyGems

CWE ID-CWE-150

Improper Neutralization of Escape, Meta, or Control Sequences

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')