Package impact
RubyGems / bundler
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-7954 | critical | 9.8 | 9.8 | 10y ago | Bundler allows attacker to inject arbitrary code via secondary Gem source | |
| CVE-2020-36327 | high | — | 8.0 | 6y ago | Important: ruby:2.5 security update | |
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security update | |
| CVE-2019-3881 | medium | — | 5.5 | 8y ago | Moderate: ruby:2.6 security, bug fix, and enhancement update | |
| CVE-2013-0334 | medium | — | 5.0 | 12y ago | Bundler may install gems from a different source than expected |