pkg:gem/rubygems-update

Type: gem
Name: rubygems-update

Known advisories, vulnerabilities and fixes for rubygems-update package.

Repository: https://rubygems.org/gems/rubygems-update

Advisories by severity:
Critical: 3
High: 13
Medium: 9

Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected < 0.9.1 CVE-2007-0469
rubysec RUBYSEC:RUBYGEMS-UPDATE-2007-0469 CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files high 2007-01-22T00:00:00
(17 years ago)
Fixed >= 0.9.1 CVE-2007-0469
rubysec RUBYSEC:RUBYGEMS-UPDATE-2007-0469 CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files high 2007-01-22T00:00:00
(17 years ago)
Affected < 1.8.23 CVE-2012-2125
rubysec RUBYSEC:RUBYGEMS-UPDATE-2012-2125 CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 medium 2012-09-25T00:00:00
(12 years ago)
Fixed >= 1.8.23 CVE-2012-2125
rubysec RUBYSEC:RUBYGEMS-UPDATE-2012-2125 CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 medium 2012-09-25T00:00:00
(12 years ago)
Affected < 1.8.23 CVE-2012-2126
rubysec RUBYSEC:RUBYGEMS-UPDATE-2012-2126 CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 medium 2012-04-20T00:00:00
(12 years ago)
Fixed >= 1.8.23 CVE-2012-2126
rubysec RUBYSEC:RUBYGEMS-UPDATE-2012-2126 CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 medium 2012-04-20T00:00:00
(12 years ago)
Affected < 2.1.0 CVE-2013-4287
rubysec RUBYSEC:RUBYGEMS-UPDATE-2013-4287 CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability medium 2013-09-09T00:00:00
(11 years ago)
Fixed = 1.8.23.1 = 1.8.26 = 2.0.8 >= 2.1.0 CVE-2013-4287
rubysec RUBYSEC:RUBYGEMS-UPDATE-2013-4287 CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability medium 2013-09-09T00:00:00
(11 years ago)
Affected < 2.1.5 CVE-2013-4363
rubysec RUBYSEC:RUBYGEMS-UPDATE-2013-4363 CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix medium 2013-09-24T00:00:00
(11 years ago)
Fixed = 1.8.23.2 = 1.8.27 = 2.0.10 >= 2.1.5 CVE-2013-4363
rubysec RUBYSEC:RUBYGEMS-UPDATE-2013-4363 CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix medium 2013-09-24T00:00:00
(11 years ago)
Affected < 2.4.7 CVE-2015-3900
rubysec RUBYSEC:RUBYGEMS-UPDATE-2015-3900 CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint() medium 2015-05-14T00:00:00
(9 years ago)
Fixed = 2.0.16 = 2.2.4 >= 2.4.7 CVE-2015-3900
rubysec RUBYSEC:RUBYGEMS-UPDATE-2015-3900 CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint() medium 2015-05-14T00:00:00
(9 years ago)
Affected < 2.4.8 CVE-2015-4020
rubysec RUBYSEC:RUBYGEMS-UPDATE-2015-4020 RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking medium 2015-06-08T00:00:00
(9 years ago)
Fixed = 2.0.17 = 2.2.5 >= 2.4.8 CVE-2015-4020
rubysec RUBYSEC:RUBYGEMS-UPDATE-2015-4020 RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking medium 2015-06-08T00:00:00
(9 years ago)
Affected < 2.4.5.3 < 2.5.2.1 < 2.6.13 CVE-2017-0899
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0899 RubyGems ANSI escape sequence vulnerability critical 2017-08-29T00:00:00
(7 years ago)
Fixed >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 CVE-2017-0899
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0899 RubyGems ANSI escape sequence vulnerability critical 2017-08-29T00:00:00
(7 years ago)
Affected < 2.4.5.3 < 2.5.2.1 < 2.6.13 CVE-2017-0900
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0900 RubyGems DoS vulnerability in the query command high 2017-08-29T00:00:00
(7 years ago)
Fixed >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 CVE-2017-0900
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0900 RubyGems DoS vulnerability in the query command high 2017-08-29T00:00:00
(7 years ago)
Affected < 2.4.5.3 < 2.5.2.1 < 2.6.13 CVE-2017-0901
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0901 RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files high 2017-08-29T00:00:00
(7 years ago)
Fixed >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 CVE-2017-0901
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0901 RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files high 2017-08-29T00:00:00
(7 years ago)
Affected < 2.4.5.3 < 2.5.2.1 < 2.6.13 CVE-2017-0902
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0902 RubyGems DNS request hijacking vulnerability high 2017-08-29T00:00:00
(7 years ago)
Fixed >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 CVE-2017-0902
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0902 RubyGems DNS request hijacking vulnerability high 2017-08-29T00:00:00
(7 years ago)
Affected < 2.6.14 = 2.0.0 CVE-2017-0903
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems critical 2017-10-09T00:00:00
(7 years ago)
Fixed >= 2.6.14 CVE-2017-0903
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems critical 2017-10-09T00:00:00
(7 years ago)
Unaffected < 2.0.0 CVE-2017-0903
rubysec RUBYSEC:RUBYGEMS-UPDATE-2017-0903 Unsafe Object Deserialization Vulnerability in RubyGems critical 2017-10-09T00:00:00
(7 years ago)
Affected < 2.7.6 CVE-2018-1000073
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000073 RubyGems Link Following vulnerability high 2022-05-13T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000073
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000073 RubyGems Link Following vulnerability high 2022-05-13T00:00:00
(2 years ago)
Affected < 2.7.6 CVE-2018-1000074
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000074 RubyGems Deserialization of Untrusted Data vulnerability high 2022-05-14T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000074
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000074 RubyGems Deserialization of Untrusted Data vulnerability high 2022-05-14T00:00:00
(2 years ago)
Affected < 2.7.6 CVE-2018-1000075
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000075 RubyGems Infinite Loop vulnerability high 2022-05-13T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000075
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000075 RubyGems Infinite Loop vulnerability high 2022-05-13T00:00:00
(2 years ago)
Affected < 2.7.6 = 2.2.0 CVE-2018-1000076
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000076 RubyGems Improper Verification of Cryptographic Signature vulnerability critical 2022-05-14T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000076
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000076 RubyGems Improper Verification of Cryptographic Signature vulnerability critical 2022-05-14T00:00:00
(2 years ago)
Unaffected < 2.2.0 CVE-2018-1000076
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000076 RubyGems Improper Verification of Cryptographic Signature vulnerability critical 2022-05-14T00:00:00
(2 years ago)
Affected < 2.7.6 CVE-2018-1000077
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000077 RubyGems Improper Input Validation vulnerability medium 2022-05-14T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000077
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000077 RubyGems Improper Input Validation vulnerability medium 2022-05-14T00:00:00
(2 years ago)
Affected < 2.7.6 CVE-2018-1000078
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000078 RubyGems Cross-site Scripting vulnerability medium 2022-05-14T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000078
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000078 RubyGems Cross-site Scripting vulnerability medium 2022-05-14T00:00:00
(2 years ago)
Affected < 2.7.6 CVE-2018-1000079
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000079 RubyGems Path Traversal vulnerability medium 2022-05-14T00:00:00
(2 years ago)
Fixed >= 2.7.6 CVE-2018-1000079
rubysec RUBYSEC:RUBYGEMS-UPDATE-2018-1000079 RubyGems Path Traversal vulnerability medium 2022-05-14T00:00:00
(2 years ago)
Affected < 3.0.3 = 2.7.6 CVE-2019-8320
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8320 Delete directory using symlink when decompressing tar high 2019-03-05T00:00:00
(5 years ago)
Fixed >= 3.0.3 = 2.7.9 CVE-2019-8320
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8320 Delete directory using symlink when decompressing tar high 2019-03-05T00:00:00
(5 years ago)
Unaffected < 2.7.6 CVE-2019-8320
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8320 Delete directory using symlink when decompressing tar high 2019-03-05T00:00:00
(5 years ago)
Affected < 3.0.3 = 2.6 CVE-2019-8321
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8321 Escape sequence injection vulnerability in verbose high 2019-03-05T00:00:00
(5 years ago)
Fixed >= 3.0.3 = 2.7.9 CVE-2019-8321
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8321 Escape sequence injection vulnerability in verbose high 2019-03-05T00:00:00
(5 years ago)
Unaffected < 2.6 CVE-2019-8321
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8321 Escape sequence injection vulnerability in verbose high 2019-03-05T00:00:00
(5 years ago)
Affected < 3.0.3 = 2.6 CVE-2019-8322
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8322 Escape sequence injection vulnerability in gem owner high 2019-03-05T00:00:00
(5 years ago)
Fixed = 2.7.9 >= 3.0.3 CVE-2019-8322
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8322 Escape sequence injection vulnerability in gem owner high 2019-03-05T00:00:00
(5 years ago)
Unaffected < 2.6 CVE-2019-8322
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8322 Escape sequence injection vulnerability in gem owner high 2019-03-05T00:00:00
(5 years ago)
Affected < 3.0.3 = 2.6 CVE-2019-8323
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8323 Escape sequence injection vulnerability in api response handling high 2019-03-05T00:00:00
(5 years ago)
Fixed >= 3.0.3 = 2.7.9 CVE-2019-8323
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8323 Escape sequence injection vulnerability in api response handling high 2019-03-05T00:00:00
(5 years ago)
Unaffected < 2.6 CVE-2019-8323
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8323 Escape sequence injection vulnerability in api response handling high 2019-03-05T00:00:00
(5 years ago)
Affected < 3.0.3 = 2.6 CVE-2019-8324
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8324 Installing a malicious gem may lead to arbitrary code execution high 2019-03-05T00:00:00
(5 years ago)
Fixed >= 3.0.3 = 2.7.9 CVE-2019-8324
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8324 Installing a malicious gem may lead to arbitrary code execution high 2019-03-05T00:00:00
(5 years ago)
Unaffected < 2.6 CVE-2019-8324
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8324 Installing a malicious gem may lead to arbitrary code execution high 2019-03-05T00:00:00
(5 years ago)
Affected < 3.0.3 = 2.6 CVE-2019-8325
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8325 Escape sequence injection vulnerability in errors high 2019-03-05T00:00:00
(5 years ago)
Fixed >= 3.0.3 = 2.7.9 CVE-2019-8325
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8325 Escape sequence injection vulnerability in errors high 2019-03-05T00:00:00
(5 years ago)
Unaffected < 2.6 CVE-2019-8325
rubysec RUBYSEC:RUBYGEMS-UPDATE-2019-8325 Escape sequence injection vulnerability in errors high 2019-03-05T00:00:00
(5 years ago)