[RUBYSEC:RUBYGEMS-UPDATE-2017-0900] RubyGems DoS vulnerability in the query command

Severity High
Affected Packages 3
Fixed Packages 3
CVEs 1

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem
specifications that cause a denial of service against RubyGems clients
that have issued a query command.

Package Affected Version
pkg:gem/rubygems-update < 2.4.5.3
pkg:gem/rubygems-update < 2.5.2.1
pkg:gem/rubygems-update < 2.6.13
Package Fixed Version
pkg:gem/rubygems-update >= 2.4.5.3
pkg:gem/rubygems-update >= 2.5.2.1
pkg:gem/rubygems-update >= 2.6.13
ID
RUBYSEC:RUBYGEMS-UPDATE-2017-0900
Severity
high
URL
https://blog.rubygems.org/2017/08/27/2.6.13-released.html
Published
2017-08-29T00:00:00
Modified
2023-05-03T23:49:55
Rights
RubySec Security Team
Other Advisories
Source # ID Name URL
Security Advisory GHSA-p7f2-rr42-m9xm https://github.com/advisories/GHSA-p7f2-rr42-m9xm
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Fixed pkg:gem/rubygems-update rubygems-update >= 2.4.5.3
Affected pkg:gem/rubygems-update rubygems-update < 2.4.5.3
Fixed pkg:gem/rubygems-update rubygems-update >= 2.5.2.1
Affected pkg:gem/rubygems-update rubygems-update < 2.5.2.1
Fixed pkg:gem/rubygems-update rubygems-update >= 2.6.13
Affected pkg:gem/rubygems-update rubygems-update < 2.6.13