Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubygems rubygems vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-8321
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-8322
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-8323
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
8.8
CVSSv3
CVE-2019-8324
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinsta...
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Enterprise Linux 8.0
7.5
CVSSv3
CVE-2019-8325
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Rubygems Rubygems
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 9.0
7.4
CVSSv3
CVE-2019-8320
A Directory Traversal issue exists in RubyGems 2.7.6 and later up to and including 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, ...
Rubygems Rubygems
6.1
CVSSv3
CVE-2015-9096
Net::SMTP in Ruby prior to 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Ruby-lang Ruby
NA
CVE-2015-4020
RubyGems 2.0.x prior to 2.0.17, 2.2.x prior to 2.2.5, and 2.4.x prior to 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that i...
Oracle Solaris 11.3
Rubygems Rubygems 2.4.3
Rubygems Rubygems 2.2.1
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.0.0
Rubygems Rubygems 2.0.13
Rubygems Rubygems 2.0.6
Rubygems Rubygems 2.0.15
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.2.0
Rubygems Rubygems 2.4.5
Rubygems Rubygems 2.4.2
Rubygems Rubygems 2.0.10
Rubygems Rubygems 2.0.16
Rubygems Rubygems 2.0.14
Rubygems Rubygems 2.4.4
Rubygems Rubygems 2.0.3
Rubygems Rubygems 2.4.0
Rubygems Rubygems 2.0.11
Rubygems Rubygems 2.4.6
Rubygems Rubygems 2.2.3
NA
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.1.5
Rubygems Rubygems 2.4.3
Rubygems Rubygems 2.2.1
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.0.13
Rubygems Rubygems 2.0.6
Rubygems Rubygems 2.0.15
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.2.0
Rubygems Rubygems 2.4.5
1 Github repository
1 Article
NA
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppet Facter 2.0.0
Puppet Facter 2.0.1
Puppetlabs Facter
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet Enterprise
Puppet Puppet
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »