7.5

CVE-2017-0900

Exploit
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.49% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2018:0583
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2017/dsa-3966
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3485
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0378
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0585
Third Party Advisory
http://blog.rubygems.org/2017/08/27/2.6.13-released.html
Patch
Vendor Advisory
http://www.securitytracker.com/id/1039249
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201710-01
Third Party Advisory
http://www.securityfocus.com/bid/100579
Third Party Advisory
VDB Entry
https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251
Patch
Third Party Advisory
https://hackerone.com/reports/243003
Third Party Advisory
Exploit