VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / rubygems-update

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-0903 critical 9.8 9.8 9y ago RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted… suseubuntudebianredhat+1
CVE-2017-0899 critical 9.8 9.8 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque… susedebianredhatruby
CVE-2017-0902 high 8.1 8.1 9y ago RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… susedebianredhatubuntu+1
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2017-0901 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. susedebianredhatubuntu+1
CVE-2017-0900 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. susedebianredhatruby
CVE-2012-2125 medium 5.8 14y ago RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. ubuntudebianruby
CVE-2015-3900 medium 5.0 11y ago RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… debianredhatruby
CVE-2015-4020 medium 4.3 11y ago RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… debianruby
CVE-2013-4363 medium 4.3 13y ago Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1… debianruby
CVE-2013-4287 medium 4.3 13y ago Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as use… redhatdebianruby
CVE-2012-2126 medium 4.3 14y ago RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. ubuntudebianruby
CVE-2018-1000079 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2018-1000074 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2018-1000077 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2018-1000078 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2018-1000076 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2018-1000075 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2018-1000073 unknown 4y ago RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains… susedebianrubyjava
CVE-2019-8325 unknown 7y ago ruby:2.5 bug fix and enhancement update susedebianrockylinuxruby
CVE-2019-8320 unknown 7y ago ruby:2.5 bug fix and enhancement update susedebianrockylinuxruby
CVE-2019-8321 unknown 7y ago ruby:2.5 bug fix and enhancement update susedebianrockylinuxruby
CVE-2019-8322 unknown 7y ago ruby:2.5 bug fix and enhancement update susedebianrockylinuxruby
CVE-2019-8323 unknown 7y ago ruby:2.5 bug fix and enhancement update susedebianrockylinuxruby
CVE-2007-0469 unknown 20y ago RubyGems file overwrite vulnerability ruby