| CVE-2017-0903 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted… |
| CVE-2017-0899 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque… |
| CVE-2017-0902 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… |
| CVE-2019-8324 |
high |
— |
8.0 |
|
|
|
7y ago |
Important: ruby:2.5 security update |
| CVE-2017-0900 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |
| CVE-2017-0901 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. |
| CVE-2012-2125 |
medium |
— |
5.8 |
|
|
|
14y ago |
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. |
| CVE-2015-3900 |
medium |
— |
5.0 |
|
|
|
11y ago |
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… |
| CVE-2015-4020 |
medium |
— |
4.3 |
|
|
|
11y ago |
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… |
| CVE-2013-4363 |
medium |
— |
4.3 |
|
|
|
13y ago |
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1… |
| CVE-2013-4287 |
medium |
— |
4.3 |
|
|
|
13y ago |
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as use… |
| CVE-2012-2126 |
medium |
— |
4.3 |
|
|
|
14y ago |
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. |
| CVE-2018-1000077 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Improper Input Validation vulnerability |
| CVE-2018-1000078 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Cross-site Scripting vulnerability |
| CVE-2018-1000079 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Path Traversal vulnerability |
| CVE-2018-1000076 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Improper Verification of Cryptographic Signature vulnerability |
| CVE-2018-1000074 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Deserialization of Untrusted Data vulnerability |
| CVE-2018-1000075 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Infinite Loop vulnerability |
| CVE-2018-1000073 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Link Following vulnerability |