Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubygems rubygems vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0469
The extract_files function in installer.rb in RubyGems prior to 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote malicious users to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM p...
Rubyforge Rubygems 0.8.11
Rubyforge Rubygems
7.5
CVSSv3
CVE-2019-8321
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-8322
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-8323
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-8325
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Rubygems Rubygems
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one...
Rubygems Rubygems.org -
1 Github repository
7.5
CVSSv3
CVE-2022-29218
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious...
Rubygems Rubygems.org -
9.8
CVSSv3
CVE-2024-21654
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an malicious user to bypass the ...
Rubygems Rubygems.org
7.5
CVSSv3
CVE-2023-40165
rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate uplo...
Rubygems Rubygems.org
NA
CVE-2013-2615
lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL.
Rubygems Fastreader 1.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »