Vulnerabilities > Rubygems > Rubygems > 2.6.9

DATE CVE VULNERABILITY TITLE RISK
2022-09-07 CVE-2022-36073 Improper Authentication vulnerability in Rubygems
RubyGems.org is the Ruby community gem host.
network
low complexity
rubygems CWE-287
8.8
8.8
2019-06-17 CVE-2019-8323 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
7.5
7.5
2019-06-17 CVE-2019-8322 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
7.5
7.5
2019-06-17 CVE-2019-8321 Argument Injection or Modification vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-88
7.5
7.5
2019-06-17 CVE-2019-8325 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems opensuse debian CWE-74
7.5
7.5
2019-06-17 CVE-2019-8324 Code Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse redhat CWE-94
8.8
8.8
2017-10-11 CVE-2017-0903 Deserialization of Untrusted Data vulnerability in multiple products
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability.
network
low complexity
rubygems debian canonical redhat CWE-502
critical
 9.8
9.8
2017-08-31 CVE-2017-0902 Origin Validation Error vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
network
high complexity
rubygems debian canonical redhat CWE-346
8.1
8.1
2017-08-31 CVE-2017-0901 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
network
low complexity
rubygems debian canonical redhat CWE-20
7.5
7.5
2017-08-31 CVE-2017-0900 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
network
low complexity
rubygems debian redhat CWE-20
7.5
7.5