Vulnerabilities > Rubygems > Rubygems
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-17 | CVE-2019-8323 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 5.0 |
2019-06-17 | CVE-2019-8322 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 5.0 |
2019-06-17 | CVE-2019-8321 | Argument Injection or Modification vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 5.0 |
2019-06-17 | CVE-2019-8325 | Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 5.0 |
2019-06-17 | CVE-2019-8324 | Code Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 6.8 |
2019-06-06 | CVE-2019-8320 | Path Traversal vulnerability in Rubygems A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. | 8.8 |
2018-03-13 | CVE-2018-1000079 | Path Traversal vulnerability in Rubygems RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. | 4.3 |
2018-03-13 | CVE-2018-1000078 | Cross-site Scripting vulnerability in multiple products RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. | 4.3 |
2018-03-13 | CVE-2018-1000077 | Improper Input Validation vulnerability in multiple products RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. | 5.0 |
2018-03-13 | CVE-2018-1000076 | Improper Verification of Cryptographic Signature vulnerability in multiple products RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. | 7.5 |