| CVE-2017-0901 |
high |
7.5 |
8.5 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. |
| CVE-2017-0902 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… |
| CVE-2019-8324 |
high |
— |
8.0 |
|
|
|
7y ago |
RHSA-2019:1972: ruby:2.5 security update (Important) |
| CVE-2017-0900 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |
| CVE-2018-1000077 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Improper Input Validation vulnerability |
| CVE-2018-1000078 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Cross-site Scripting vulnerability |
| CVE-2018-1000079 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Path Traversal vulnerability |
| CVE-2018-1000076 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Improper Verification of Cryptographic Signature vulnerability |
| CVE-2018-1000074 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Deserialization of Untrusted Data vulnerability |
| CVE-2018-1000075 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Infinite Loop vulnerability |
| CVE-2018-1000073 |
unknown |
— |
— |
|
|
|
4y ago |
RubyGems Link Following vulnerability |
