VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / rubygems-update

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-0902 high 8.1 8.1 9y ago RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… susedebianredhatubuntu+1
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2017-0900 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. susedebianredhatruby
CVE-2017-0901 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. susedebianredhatubuntu+1
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability susedebianrubyjava
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability susedebianrubyjava
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability susedebianrubyjava
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability susedebianrubyjava
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability susedebianrubyjava
CVE-2018-1000075 unknown 4y ago RubyGems Infinite Loop vulnerability susedebianrubyjava
CVE-2018-1000073 unknown 4y ago RubyGems Link Following vulnerability susedebianrubyjava