Vulnerabilities > Rubygems

DATE CVE VULNERABILITY TITLE RISK
2017-08-31 CVE-2017-0901 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
network
low complexity
rubygems debian canonical redhat CWE-20
7.5
7.5
2017-08-31 CVE-2017-0900 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
network
low complexity
rubygems debian redhat CWE-20
7.5
7.5
2017-08-31 CVE-2017-0899 Code Injection vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters.
network
low complexity
rubygems debian redhat CWE-94
critical
 9.8
9.8