Package impact

RubyGems / rubygems-update

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2017-0903	critical	9.8	9.8	9y ago	RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted…	+1
CVE-2017-0899	critical	9.8	9.8	9y ago	RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque…
CVE-2018-1000079	unknown	—	—	4y ago	RubyGems Path Traversal vulnerability
CVE-2018-1000074	unknown	—	—	4y ago	RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-1000077	unknown	—	—	4y ago	RubyGems Improper Input Validation vulnerability
CVE-2018-1000078	unknown	—	—	4y ago	RubyGems Cross-site Scripting vulnerability
CVE-2018-1000076	unknown	—	—	4y ago	RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000075	unknown	—	—	4y ago	RubyGems Infinite Loop vulnerability
CVE-2018-1000073	unknown	—	—	4y ago	RubyGems Link Following vulnerability