CVE-2018-1000077
- EPSS 0.76%
- Published 13.03.2018 15:29:00
- Last modified 21.11.2024 03:39:35
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby ...
CVE-2018-1000076
- EPSS 0.86%
- Published 13.03.2018 15:29:00
- Last modified 21.11.2024 03:39:35
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature...
CVE-2018-1000075
- EPSS 1.63%
- Published 13.03.2018 15:29:00
- Last modified 21.11.2024 03:39:34
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerabil...
CVE-2018-1000073
- EPSS 0.98%
- Published 13.03.2018 15:29:00
- Last modified 21.11.2024 03:39:34
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_loc...
CVE-2017-0903
- EPSS 4.9%
- Published 11.10.2017 18:29:00
- Last modified 20.04.2025 01:37:25
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalat...
CVE-2017-0902
- EPSS 4.54%
- Published 31.08.2017 20:29:00
- Last modified 20.04.2025 01:37:25
RubyGems version 2.6.12 and earlier contains a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
CVE-2017-0901
- EPSS 18.56%
- Published 31.08.2017 20:29:00
- Last modified 20.04.2025 01:37:25
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2017-0900
- EPSS 12.22%
- Published 31.08.2017 20:29:00
- Last modified 20.04.2025 01:37:25
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that cause a denial of service against RubyGems clients that have issued a `query` command.
CVE-2017-0899
- EPSS 9.67%
- Published 31.08.2017 20:29:00
- Last modified 20.04.2025 01:37:25
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
CVE-2015-4020
- EPSS 0.52%
- Published 25.08.2015 17:59:01
- Last modified 12.04.2025 10:46:40
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record wi...