Vulnerabilities > Rubygems > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-17 CVE-2023-40165 Unspecified vulnerability in Rubygems Rubygems.Org
rubygems.org is the Ruby community's primary gem (library) hosting service.
network
low complexity
rubygems
7.5
2022-05-13 CVE-2022-29218 Authentication Bypass by Spoofing vulnerability in Rubygems Rubygems.Org
RubyGems is a package registry used to supply software for the Ruby language ecosystem.
network
low complexity
rubygems CWE-290
7.5
2022-05-05 CVE-2022-29176 Missing Authorization vulnerability in Rubygems Rubygems.Org
RubyGems is a package registry used to supply software for the Ruby language ecosystem.
network
high complexity
rubygems CWE-862
7.5
2019-06-06 CVE-2019-8320 Path Traversal vulnerability in Rubygems
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2.
network
rubygems CWE-22
8.8
2018-03-13 CVE-2018-1000076 Improper Verification of Cryptographic Signature vulnerability in multiple products
RubyGems versions Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422, contain an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.
network
low complexity
rubygems debian CWE-347
7.5
2017-10-11 CVE-2017-0903 Deserialization of Untrusted Data vulnerability in multiple products
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability.
network
low complexity
rubygems debian canonical redhat CWE-502
7.5
2017-08-31 CVE-2017-0899 Code Injection vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters.
network
low complexity
rubygems debian redhat CWE-94
7.5
2013-03-20 CVE-2013-2616 Code Injection vulnerability in Rubygems Mini Magick 1.3.1
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
network
low complexity
rubygems CWE-94
7.5
2013-03-20 CVE-2013-2615 Code Injection vulnerability in Rubygems Fastreader 1.0.8
lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
network
low complexity
rubygems CWE-94
7.5
2013-03-20 CVE-2013-1875 Code Injection vulnerability in Rubygems Command Wrap
command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.
network
low complexity
rubygems CWE-94
7.5