Search for packages
| purl | pkg:apk/alpine/ruby@2.4.6-r0?arch=x86&distroversion=v3.6&reponame=main |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-f7x5-hz5f-hyd3 | Improper Restriction of Operations within the Bounds of a Memory Buffer An issue was discovered in RubyGems. Since `Gem::CommandManager#run` calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) |
CVE-2019-8325
GHSA-4wm8-fjv7-j774 |
| VCID-ha3g-uyse-wybx | Injection Vulnerability An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. |
CVE-2019-8322
GHSA-mh37-8c3g-3fgc |
| VCID-jkwe-c323-3yez | Argument Injection or Modification An issue was discovered in RubyGems. Since `Gem::UserInteraction#verbose` calls say without escaping, escape sequence injection is possible. |
CVE-2019-8321
GHSA-fr32-gr5c-xq5c |
| VCID-ky5r-bch5-m7dv | Injection Vulnerability An issue was discovered in RubyGems. `Gem::GemcutterUtilities#with_response` may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur. |
CVE-2019-8323
GHSA-3h4r-pjv6-cph9 |
| VCID-t78a-dw4s-vqf5 | Path Traversal A Directory Traversal issue was discovered in RubyGems. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (`/tmp`, `/usr`, etc.), this could likely lead to data loss or an unusable system. |
CVE-2019-8320
GHSA-5x32-c9mf-49cc |
| VCID-xgmc-a5rk-zqag | Improper Input Validation A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is evaluated by `ensure_loadable_spec` during the pre-installation check. |
CVE-2019-8324
GHSA-76wm-422q-92mq |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-06T04:49:37.202317+00:00 | Alpine Linux Importer | Fixing | VCID-t78a-dw4s-vqf5 | https://secdb.alpinelinux.org/v3.6/main.json | 38.1.0 |
| 2026-04-03T17:57:15.975261+00:00 | Alpine Linux Importer | Fixing | VCID-ky5r-bch5-m7dv | https://secdb.alpinelinux.org/v3.6/main.json | 38.1.0 |
| 2026-04-03T17:56:29.032518+00:00 | Alpine Linux Importer | Fixing | VCID-jkwe-c323-3yez | https://secdb.alpinelinux.org/v3.6/main.json | 38.1.0 |
| 2026-04-03T17:47:23.607401+00:00 | Alpine Linux Importer | Fixing | VCID-ha3g-uyse-wybx | https://secdb.alpinelinux.org/v3.6/main.json | 38.1.0 |
| 2026-04-03T17:47:09.329646+00:00 | Alpine Linux Importer | Fixing | VCID-xgmc-a5rk-zqag | https://secdb.alpinelinux.org/v3.6/main.json | 38.1.0 |
| 2026-04-01T19:32:06.946049+00:00 | Alpine Linux Importer | Fixing | VCID-f7x5-hz5f-hyd3 | https://secdb.alpinelinux.org/v3.6/main.json | 38.0.0 |