pkg:gem/rubygems-update
Type: gem
Name: rubygems-update
Known advisories, vulnerabilities and fixes for rubygems-update package.
- Repository: https://rubygems.org/gems/rubygems-update

Critical: 3
High: 13
Medium: 9

Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 0.9.1 | | CVE-2007-0469 | RUBYSEC:RUBYGEMS-UPDATE-2007-0469 | CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files | high | 2007-01-22T00:00:00 (17 years ago) |
Fixed | >= 0.9.1 | | CVE-2007-0469 | RUBYSEC:RUBYGEMS-UPDATE-2007-0469 | CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files | high | 2007-01-22T00:00:00 (17 years ago) |
Affected | < 1.8.23 | | CVE-2012-2125 | RUBYSEC:RUBYGEMS-UPDATE-2012-2125 | CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 | medium | 2012-09-25T00:00:00 (12 years ago) |
Fixed | >= 1.8.23 | | CVE-2012-2125 | RUBYSEC:RUBYGEMS-UPDATE-2012-2125 | CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 | medium | 2012-09-25T00:00:00 (12 years ago) |
Affected | < 1.8.23 | | CVE-2012-2126 | RUBYSEC:RUBYGEMS-UPDATE-2012-2126 | CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 | medium | 2012-04-20T00:00:00 (12 years ago) |
Fixed | >= 1.8.23 | | CVE-2012-2126 | RUBYSEC:RUBYGEMS-UPDATE-2012-2126 | CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23 | medium | 2012-04-20T00:00:00 (12 years ago) |
Affected | < 2.1.0 | | CVE-2013-4287 | RUBYSEC:RUBYGEMS-UPDATE-2013-4287 | CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability | medium | 2013-09-09T00:00:00 (11 years ago) |
Fixed | = 1.8.23.1 = 1.8.26 = 2.0.8 >= 2.1.0 | | CVE-2013-4287 | RUBYSEC:RUBYGEMS-UPDATE-2013-4287 | CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability | medium | 2013-09-09T00:00:00 (11 years ago) |
Affected | < 2.1.5 | | CVE-2013-4363 | RUBYSEC:RUBYGEMS-UPDATE-2013-4363 | CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix | medium | 2013-09-24T00:00:00 (11 years ago) |
Fixed | = 1.8.23.2 = 1.8.27 = 2.0.10 >= 2.1.5 | | CVE-2013-4363 | RUBYSEC:RUBYGEMS-UPDATE-2013-4363 | CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix | medium | 2013-09-24T00:00:00 (11 years ago) |
Affected | < 2.4.7 | | CVE-2015-3900 | RUBYSEC:RUBYGEMS-UPDATE-2015-3900 | CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint() | medium | 2015-05-14T00:00:00 (9 years ago) |
Fixed | = 2.0.16 = 2.2.4 >= 2.4.7 | | CVE-2015-3900 | RUBYSEC:RUBYGEMS-UPDATE-2015-3900 | CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint() | medium | 2015-05-14T00:00:00 (9 years ago) |
Affected | < 2.4.8 | | CVE-2015-4020 | RUBYSEC:RUBYGEMS-UPDATE-2015-4020 | RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking | medium | 2015-06-08T00:00:00 (9 years ago) |
Fixed | = 2.0.17 = 2.2.5 >= 2.4.8 | | CVE-2015-4020 | RUBYSEC:RUBYGEMS-UPDATE-2015-4020 | RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking | medium | 2015-06-08T00:00:00 (9 years ago) |
Affected | < 2.4.5.3 < 2.5.2.1 < 2.6.13 | | CVE-2017-0899 | RUBYSEC:RUBYGEMS-UPDATE-2017-0899 | RubyGems ANSI escape sequence vulnerability | critical | 2017-08-29T00:00:00 (7 years ago) |
Fixed | >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 | | CVE-2017-0899 | RUBYSEC:RUBYGEMS-UPDATE-2017-0899 | RubyGems ANSI escape sequence vulnerability | critical | 2017-08-29T00:00:00 (7 years ago) |
Affected | < 2.4.5.3 < 2.5.2.1 < 2.6.13 | | CVE-2017-0900 | RUBYSEC:RUBYGEMS-UPDATE-2017-0900 | RubyGems DoS vulnerability in the query command | high | 2017-08-29T00:00:00 (7 years ago) |
Fixed | >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 | | CVE-2017-0900 | RUBYSEC:RUBYGEMS-UPDATE-2017-0900 | RubyGems DoS vulnerability in the query command | high | 2017-08-29T00:00:00 (7 years ago) |
Affected | < 2.4.5.3 < 2.5.2.1 < 2.6.13 | | CVE-2017-0901 | RUBYSEC:RUBYGEMS-UPDATE-2017-0901 | RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files | high | 2017-08-29T00:00:00 (7 years ago) |
Fixed | >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 | | CVE-2017-0901 | RUBYSEC:RUBYGEMS-UPDATE-2017-0901 | RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files | high | 2017-08-29T00:00:00 (7 years ago) |
Affected | < 2.4.5.3 < 2.5.2.1 < 2.6.13 | | CVE-2017-0902 | RUBYSEC:RUBYGEMS-UPDATE-2017-0902 | RubyGems DNS request hijacking vulnerability | high | 2017-08-29T00:00:00 (7 years ago) |
Fixed | >= 2.4.5.3 >= 2.5.2.1 >= 2.6.13 | | CVE-2017-0902 | RUBYSEC:RUBYGEMS-UPDATE-2017-0902 | RubyGems DNS request hijacking vulnerability | high | 2017-08-29T00:00:00 (7 years ago) |
Affected | < 2.6.14 = 2.0.0 | | CVE-2017-0903 | RUBYSEC:RUBYGEMS-UPDATE-2017-0903 | Unsafe Object Deserialization Vulnerability in RubyGems | critical | 2017-10-09T00:00:00 (7 years ago) |
Fixed | >= 2.6.14 | | CVE-2017-0903 | RUBYSEC:RUBYGEMS-UPDATE-2017-0903 | Unsafe Object Deserialization Vulnerability in RubyGems | critical | 2017-10-09T00:00:00 (7 years ago) |
Unaffected | < 2.0.0 | | CVE-2017-0903 | RUBYSEC:RUBYGEMS-UPDATE-2017-0903 | Unsafe Object Deserialization Vulnerability in RubyGems | critical | 2017-10-09T00:00:00 (7 years ago) |
Affected | < 2.7.6 | | CVE-2018-1000073 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000073 | RubyGems Link Following vulnerability | high | 2022-05-13T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000073 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000073 | RubyGems Link Following vulnerability | high | 2022-05-13T00:00:00 (2 years ago) |
Affected | < 2.7.6 | | CVE-2018-1000074 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000074 | RubyGems Deserialization of Untrusted Data vulnerability | high | 2022-05-14T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000074 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000074 | RubyGems Deserialization of Untrusted Data vulnerability | high | 2022-05-14T00:00:00 (2 years ago) |
Affected | < 2.7.6 | | CVE-2018-1000075 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000075 | RubyGems Infinite Loop vulnerability | high | 2022-05-13T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000075 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000075 | RubyGems Infinite Loop vulnerability | high | 2022-05-13T00:00:00 (2 years ago) |
Affected | < 2.7.6 = 2.2.0 | | CVE-2018-1000076 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000076 | RubyGems Improper Verification of Cryptographic Signature vulnerability | critical | 2022-05-14T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000076 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000076 | RubyGems Improper Verification of Cryptographic Signature vulnerability | critical | 2022-05-14T00:00:00 (2 years ago) |
Unaffected | < 2.2.0 | | CVE-2018-1000076 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000076 | RubyGems Improper Verification of Cryptographic Signature vulnerability | critical | 2022-05-14T00:00:00 (2 years ago) |
Affected | < 2.7.6 | | CVE-2018-1000077 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000077 | RubyGems Improper Input Validation vulnerability | medium | 2022-05-14T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000077 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000077 | RubyGems Improper Input Validation vulnerability | medium | 2022-05-14T00:00:00 (2 years ago) |
Affected | < 2.7.6 | | CVE-2018-1000078 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000078 | RubyGems Cross-site Scripting vulnerability | medium | 2022-05-14T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000078 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000078 | RubyGems Cross-site Scripting vulnerability | medium | 2022-05-14T00:00:00 (2 years ago) |
Affected | < 2.7.6 | | CVE-2018-1000079 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000079 | RubyGems Path Traversal vulnerability | medium | 2022-05-14T00:00:00 (2 years ago) |
Fixed | >= 2.7.6 | | CVE-2018-1000079 | RUBYSEC:RUBYGEMS-UPDATE-2018-1000079 | RubyGems Path Traversal vulnerability | medium | 2022-05-14T00:00:00 (2 years ago) |
Affected | < 3.0.3 = 2.7.6 | | CVE-2019-8320 | RUBYSEC:RUBYGEMS-UPDATE-2019-8320 | Delete directory using symlink when decompressing tar | high | 2019-03-05T00:00:00 (5 years ago) |
Fixed | >= 3.0.3 = 2.7.9 | | CVE-2019-8320 | RUBYSEC:RUBYGEMS-UPDATE-2019-8320 | Delete directory using symlink when decompressing tar | high | 2019-03-05T00:00:00 (5 years ago) |
Unaffected | < 2.7.6 | | CVE-2019-8320 | RUBYSEC:RUBYGEMS-UPDATE-2019-8320 | Delete directory using symlink when decompressing tar | high | 2019-03-05T00:00:00 (5 years ago) |
Affected | < 3.0.3 = 2.6 | | CVE-2019-8321 | RUBYSEC:RUBYGEMS-UPDATE-2019-8321 | Escape sequence injection vulnerability in verbose | high | 2019-03-05T00:00:00 (5 years ago) |
Fixed | >= 3.0.3 = 2.7.9 | | CVE-2019-8321 | RUBYSEC:RUBYGEMS-UPDATE-2019-8321 | Escape sequence injection vulnerability in verbose | high | 2019-03-05T00:00:00 (5 years ago) |
Unaffected | < 2.6 | | CVE-2019-8321 | RUBYSEC:RUBYGEMS-UPDATE-2019-8321 | Escape sequence injection vulnerability in verbose | high | 2019-03-05T00:00:00 (5 years ago) |
Affected | < 3.0.3 = 2.6 | | CVE-2019-8322 | RUBYSEC:RUBYGEMS-UPDATE-2019-8322 | Escape sequence injection vulnerability in gem owner | high | 2019-03-05T00:00:00 (5 years ago) |
Fixed | = 2.7.9 >= 3.0.3 | | CVE-2019-8322 | RUBYSEC:RUBYGEMS-UPDATE-2019-8322 | Escape sequence injection vulnerability in gem owner | high | 2019-03-05T00:00:00 (5 years ago) |
Unaffected | < 2.6 | | CVE-2019-8322 | RUBYSEC:RUBYGEMS-UPDATE-2019-8322 | Escape sequence injection vulnerability in gem owner | high | 2019-03-05T00:00:00 (5 years ago) |
Affected | < 3.0.3 = 2.6 | | CVE-2019-8323 | RUBYSEC:RUBYGEMS-UPDATE-2019-8323 | Escape sequence injection vulnerability in api response handling | high | 2019-03-05T00:00:00 (5 years ago) |
Fixed | >= 3.0.3 = 2.7.9 | | CVE-2019-8323 | RUBYSEC:RUBYGEMS-UPDATE-2019-8323 | Escape sequence injection vulnerability in api response handling | high | 2019-03-05T00:00:00 (5 years ago) |
Unaffected | < 2.6 | | CVE-2019-8323 | RUBYSEC:RUBYGEMS-UPDATE-2019-8323 | Escape sequence injection vulnerability in api response handling | high | 2019-03-05T00:00:00 (5 years ago) |
Affected | < 3.0.3 = 2.6 | | CVE-2019-8324 | RUBYSEC:RUBYGEMS-UPDATE-2019-8324 | Installing a malicious gem may lead to arbitrary code execution | high | 2019-03-05T00:00:00 (5 years ago) |
Fixed | >= 3.0.3 = 2.7.9 | | CVE-2019-8324 | RUBYSEC:RUBYGEMS-UPDATE-2019-8324 | Installing a malicious gem may lead to arbitrary code execution | high | 2019-03-05T00:00:00 (5 years ago) |
Unaffected | < 2.6 | | CVE-2019-8324 | RUBYSEC:RUBYGEMS-UPDATE-2019-8324 | Installing a malicious gem may lead to arbitrary code execution | high | 2019-03-05T00:00:00 (5 years ago) |
Affected | < 3.0.3 = 2.6 | | CVE-2019-8325 | RUBYSEC:RUBYGEMS-UPDATE-2019-8325 | Escape sequence injection vulnerability in errors | high | 2019-03-05T00:00:00 (5 years ago) |
Fixed | >= 3.0.3 = 2.7.9 | | CVE-2019-8325 | RUBYSEC:RUBYGEMS-UPDATE-2019-8325 | Escape sequence injection vulnerability in errors | high | 2019-03-05T00:00:00 (5 years ago) |
Unaffected | < 2.6 | | CVE-2019-8325 | RUBYSEC:RUBYGEMS-UPDATE-2019-8325 | Escape sequence injection vulnerability in errors | high | 2019-03-05T00:00:00 (5 years ago) |