Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubygems rubygems 2.4.0 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-9096
Net::SMTP in Ruby prior to 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Ruby-lang Ruby
NA
CVE-2015-4020
RubyGems 2.0.x prior to 2.0.17, 2.2.x prior to 2.2.5, and 2.4.x prior to 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that i...
Oracle Solaris 11.3
Rubygems Rubygems 2.4.3
Rubygems Rubygems 2.2.1
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.0.0
Rubygems Rubygems 2.0.13
Rubygems Rubygems 2.0.6
Rubygems Rubygems 2.0.15
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.2.0
Rubygems Rubygems 2.4.5
Rubygems Rubygems 2.4.2
Rubygems Rubygems 2.0.10
Rubygems Rubygems 2.0.16
Rubygems Rubygems 2.0.14
Rubygems Rubygems 2.4.4
Rubygems Rubygems 2.0.3
Rubygems Rubygems 2.4.0
Rubygems Rubygems 2.0.11
Rubygems Rubygems 2.4.6
Rubygems Rubygems 2.2.3
NA
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.1.5
Rubygems Rubygems 2.4.3
Rubygems Rubygems 2.2.1
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.0.13
Rubygems Rubygems 2.0.6
Rubygems Rubygems 2.0.15
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.2.0
Rubygems Rubygems 2.4.5
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started