Package impact
RubyGems / rubygems-update
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0901 | high | 7.5 | 8.5 | 9y ago | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||
| CVE-2017-0902 | high | 8.1 | 8.1 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… | |||
| CVE-2019-8324 | high | — | 8.0 | 7y ago | RHSA-2019:1972: ruby:2.5 security update (Important) | |||
| CVE-2017-0900 | high | 7.5 | 7.5 | 9y ago | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |