2.6.3

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-17	CVE-2019-8323	Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. network low complexity rubygems debian opensuse CWE-74	5.0
2019-06-17	CVE-2019-8322	Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. network low complexity rubygems debian opensuse CWE-74	5.0
2019-06-17	CVE-2019-8321	Argument Injection or Modification vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. network low complexity rubygems debian opensuse CWE-88	5.0
2019-06-17	CVE-2019-8325	Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. network low complexity rubygems opensuse debian CWE-74	5.0
2019-06-17	CVE-2019-8324	Code Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. network rubygems debian opensuse redhat CWE-94	6.8
2017-10-11	CVE-2017-0903	Deserialization of Untrusted Data vulnerability in multiple products RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. network low complexity rubygems debian canonical redhat CWE-502	7.5
2017-08-31	CVE-2017-0902	Origin Validation Error vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. network rubygems debian canonical redhat CWE-346	6.8
2017-08-31	CVE-2017-0901	Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. network low complexity rubygems debian canonical redhat CWE-20	6.4
2017-08-31	CVE-2017-0900	Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. network low complexity rubygems debian redhat CWE-20	5.0
2017-08-31	CVE-2017-0899	Code Injection vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. network low complexity rubygems debian redhat CWE-94	7.5