Package impact

RubyGems / rubygems-update

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2012-2125	medium	—	5.8	14y ago	RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
CVE-2015-3900	medium	—	5.0	11y ago	RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t…
CVE-2015-4020	medium	—	4.3	11y ago	RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t…
CVE-2013-4363	medium	—	4.3	13y ago	Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1…
CVE-2013-4287	medium	—	4.3	13y ago	Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as use…
CVE-2012-2126	medium	—	4.3	14y ago	RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
CVE-2018-1000079	unknown	—	—	4y ago	RubyGems Path Traversal vulnerability
CVE-2018-1000077	unknown	—	—	4y ago	RubyGems Improper Input Validation vulnerability
CVE-2018-1000078	unknown	—	—	4y ago	RubyGems Cross-site Scripting vulnerability
CVE-2018-1000075	unknown	—	—	4y ago	RubyGems Infinite Loop vulnerability
CVE-2018-1000073	unknown	—	—	4y ago	RubyGems Link Following vulnerability