Rubygems

Rubygems

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2018-1000077

  • EPSS 0.76%
  • Veröffentlicht 13.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:35

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby ...

9.8

CVE-2018-1000076

  • EPSS 0.86%
  • Veröffentlicht 13.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:35

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature...

7.5

CVE-2018-1000075

  • EPSS 1.63%
  • Veröffentlicht 13.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:34

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerabil...

7.5

CVE-2018-1000073

  • EPSS 0.98%
  • Veröffentlicht 13.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:34

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_loc...

9.8

CVE-2017-0903

  • EPSS 4.9%
  • Veröffentlicht 11.10.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalat...

8.1

CVE-2017-0902

Exploit
  • EPSS 4.54%
  • Veröffentlicht 31.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

7.5

CVE-2017-0901

Exploit
  • EPSS 18.56%
  • Veröffentlicht 31.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

7.5

CVE-2017-0900

Exploit
  • EPSS 12.22%
  • Veröffentlicht 31.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

9.8

CVE-2017-0899

Exploit
  • EPSS 9.67%
  • Veröffentlicht 31.08.2017 20:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

4.3

CVE-2015-4020

  • EPSS 0.52%
  • Veröffentlicht 25.08.2015 17:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record wi...