Vulnerabilities > Rubygems

DATE CVE VULNERABILITY TITLE RISK
2019-06-17 CVE-2019-8323 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
5.0
2019-06-17 CVE-2019-8322 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
5.0
2019-06-17 CVE-2019-8321 Argument Injection OR Modification vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-88
5.0
2019-06-17 CVE-2019-8325 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems opensuse debian CWE-74
5.0
2019-06-17 CVE-2019-8324 Code Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
6.8
2019-06-06 CVE-2019-8320 Path Traversal vulnerability in Rubygems
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2.
network
rubygems CWE-22
8.8
2018-03-13 CVE-2018-1000079 Path Traversal vulnerability in Rubygems
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation.
network
rubygems CWE-22
4.3
2018-03-13 CVE-2018-1000078 Cross-Site Scripting vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS.
4.3
2018-03-13 CVE-2018-1000077 Improper Input Validation vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL.
network
low complexity
rubygems debian CWE-20
5.0
2018-03-13 CVE-2018-1000076 Improper Verification of Cryptographic Signature vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures..
network
low complexity
rubygems debian CWE-347
7.5