Package impact
RubyGems / rubygems-update
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-0902 | high | 8.1 | 8.1 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… | |
| CVE-2019-8324 | high | — | 8.0 | 7y ago | Important: ruby:2.5 security update | |
| CVE-2017-0900 | high | 7.5 | 7.5 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | |
| CVE-2017-0901 | high | 7.5 | 7.5 | 9y ago | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |