VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / rubygems-update

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-0903 critical 9.8 9.8 9y ago RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted…
CVE-2017-0899 critical 9.8 9.8 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque…
CVE-2017-0902 high 8.1 8.1 9y ago RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke…
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update
CVE-2017-0900 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
CVE-2017-0901 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability
CVE-2018-1000075 unknown 4y ago RubyGems Infinite Loop vulnerability
CVE-2018-1000073 unknown 4y ago RubyGems Link Following vulnerability
CVE-2019-8321 unknown 7y ago ruby:2.5 bug fix and enhancement update
CVE-2019-8325 unknown 7y ago ruby:2.5 bug fix and enhancement update
CVE-2019-8323 unknown 7y ago ruby:2.5 bug fix and enhancement update
CVE-2019-8322 unknown 7y ago ruby:2.5 bug fix and enhancement update
CVE-2019-8320 unknown 7y ago ruby:2.5 bug fix and enhancement update