| CVE-2017-0903 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted… |
| CVE-2017-0899 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque… |
| CVE-2017-0902 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… |
| CVE-2019-8324 |
high |
— |
8.0 |
|
|
|
7y ago |
Important: ruby:2.5 security update |
| CVE-2017-0900 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |
| CVE-2017-0901 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. |