0.8.6

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-31	CVE-2017-0899	Code Injection vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. network low complexity rubygems debian redhat CWE-94	7.5
2013-10-17	CVE-2013-4363	Cryptographic Issues vulnerability in multiple products Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. network rubygems ruby-lang CWE-310	4.3
2013-10-17	CVE-2013-4287	Cryptographic Issues vulnerability in multiple products Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. network redhat rubygems ruby-lang CWE-310	4.3
2013-10-01	CVE-2012-2126	Cryptographic Issues vulnerability in Rubygems RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. network rubygems redhat canonical CWE-310	4.3
2013-10-01	CVE-2012-2125	URI Redirection vulnerability in RubyGems RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. network rubygems redhat canonical	5.8