- EPSS 2.4%
- Veröffentlicht 24.06.2015 14:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, a...
CVE-2013-4363
- EPSS 0.66%
- Veröffentlicht 17.10.2013 23:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows...
CVE-2013-4287
- EPSS 2.02%
- Veröffentlicht 17.10.2013 23:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote at...
CVE-2012-2125
- EPSS 0.64%
- Veröffentlicht 01.10.2013 17:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
CVE-2012-2126
- EPSS 0.27%
- Veröffentlicht 01.10.2013 17:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.