VulnerableCode Package Details - pkg:alpm/archlinux/ruby-bundler@2.2.18-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/ruby-bundler@2.2.18-1

Essentials
History (1)

purl	pkg:alpm/archlinux/ruby-bundler@2.2.18-1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-dy2a-n93k-yfgd	Dependency Confusion in Bundler Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.	CVE-2020-36327 GHSA-fp4w-jxhp-m23p

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:44.656171+00:00	Arch Linux Importer	Fixing	VCID-dy2a-n93k-yfgd	https://security.archlinux.org/AVG-1891	38.0.0