Vulnerabilities > Rubygems > Rubygems > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-07 CVE-2022-36073 Improper Authentication vulnerability in Rubygems
RubyGems.org is the Ruby community gem host.
network
low complexity
rubygems CWE-287
8.8
8.8
2019-06-17 CVE-2019-8323 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
7.5
7.5
2019-06-17 CVE-2019-8322 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-74
7.5
7.5
2019-06-17 CVE-2019-8321 Argument Injection or Modification vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse CWE-88
7.5
7.5
2019-06-17 CVE-2019-8325 Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems opensuse debian CWE-74
7.5
7.5
2019-06-17 CVE-2019-8324 Code Injection vulnerability in multiple products
An issue was discovered in RubyGems 2.6 and later through 3.0.2.
network
low complexity
rubygems debian opensuse redhat CWE-94
8.8
8.8
2019-06-06 CVE-2019-8320 Path Traversal vulnerability in Rubygems
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2.
network
high complexity
rubygems CWE-22
7.4
7.4
2018-03-13 CVE-2018-1000075 Infinite Loop vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop..
network
low complexity
rubygems debian CWE-835
7.5
7.5
2018-03-13 CVE-2018-1000074 Deserialization of Untrusted Data vulnerability in Rubygems
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution.
local
low complexity
rubygems CWE-502
7.8
7.8
2018-03-13 CVE-2018-1000073 Link Following vulnerability in Rubygems
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root.
network
low complexity
rubygems CWE-59
7.5
7.5