VulnerableCode Package Details - pkg:alpm/archlinux/ruby-bundler@2.2.17-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/ruby-bundler@2.2.17-1

Essentials
History (1)

purl	pkg:alpm/archlinux/ruby-bundler@2.2.17-1

Next non-vulnerable version	2.2.18-1
Latest non-vulnerable version	2.2.18-1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-dy2a-n93k-yfgd Aliases: CVE-2020-36327 GHSA-fp4w-jxhp-m23p	Dependency Confusion in Bundler Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.	2.2.18-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:44.651402+00:00	Arch Linux Importer	Affected by	VCID-dy2a-n93k-yfgd	https://security.archlinux.org/AVG-1891	38.0.0