Package impact

RubyGems / rubygems-update

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2017-0903	critical	9.8	9.8	9y ago	RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted…	+1
CVE-2017-0899	critical	9.8	9.8	9y ago	RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque…
CVE-2017-0902	high	8.1	8.1	9y ago	RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke…	+1
CVE-2019-8324	high	—	8.0	7y ago	Important: ruby:2.5 security update
CVE-2017-0901	high	7.5	7.5	9y ago	RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.	+1
CVE-2017-0900	high	7.5	7.5	9y ago	RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
CVE-2018-1000077	unknown	—	—	4y ago	RubyGems Improper Input Validation vulnerability
CVE-2018-1000078	unknown	—	—	4y ago	RubyGems Cross-site Scripting vulnerability
CVE-2018-1000079	unknown	—	—	4y ago	RubyGems Path Traversal vulnerability
CVE-2018-1000076	unknown	—	—	4y ago	RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000074	unknown	—	—	4y ago	RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-1000075	unknown	—	—	4y ago	RubyGems Infinite Loop vulnerability
CVE-2018-1000073	unknown	—	—	4y ago	RubyGems Link Following vulnerability