Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubygems rubygems vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2007-0469
The extract_files function in installer.rb in RubyGems prior to 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote malicious users to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM p...
Rubyforge Rubygems
Rubyforge Rubygems 0.8.11
5
CVSSv2
CVE-2019-8321
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-8322
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-8323
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-8325
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Rubygems Rubygems
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
6
CVSSv2
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one...
Rubygems Rubygems.org -
1 Github repository
5
CVSSv2
CVE-2022-29218
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious...
Rubygems Rubygems.org -
NA
CVE-2023-40165
rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\d/`, permanently replacing the legitimate uplo...
Rubygems Rubygems.org
NA
CVE-2024-21654
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an malicious user to bypass the ...
Rubygems Rubygems.org
6.8
CVSSv2
CVE-2019-8324
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinsta...
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Enterprise Linux 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »