VulnerableCode Package Details - pkg:deb/debian/jruby@1.5.6-9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/jruby@1.5.6-9

Essentials
History (21)

purl	pkg:deb/debian/jruby@1.5.6-9

Next non-vulnerable version	1.7.26-1+deb9u1
Latest non-vulnerable version	9.4.8.0+ds-3
Risk	4.5

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-8d7n-bfhu-dkfd Aliases: CVE-2018-1000075 GHSA-74pv-v9gh-h25p	Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.
VCID-8hm4-c4w4-gfen Aliases: CVE-2018-1000078 GHSA-87qx-g5wg-mwmj	Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.
VCID-9t45-d5mf-3uar Aliases: CVE-2018-1000079 GHSA-8qxg-mff5-j3wc	Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.
VCID-af1f-xwwy-jfa8 Aliases: CVE-2018-1000074 GHSA-qj2w-mw2r-pv39	RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.
VCID-mamm-cvdr-subf Aliases: CVE-2018-1000077 GHSA-gv86-43rv-79m2	RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.
VCID-tq93-h2ag-s3bx Aliases: CVE-2018-1000073 GHSA-gx69-6cp4-hxrj	Path Traversal RubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.
VCID-w4ns-f42m-pyec Aliases: CVE-2018-1000076 GHSA-mc6j-h948-v2p6	RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.	1.7.26-1+deb9u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T14:32:22.617909+00:00	Debian Oval Importer	Affected by	VCID-tq93-h2ag-s3bx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:28:02.333731+00:00	Debian Oval Importer	Affected by	VCID-8d7n-bfhu-dkfd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:18:26.213867+00:00	Debian Oval Importer	Affected by	VCID-af1f-xwwy-jfa8	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:10:53.899766+00:00	Debian Oval Importer	Affected by	VCID-w4ns-f42m-pyec	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:07:04.720308+00:00	Debian Oval Importer	Affected by	VCID-mamm-cvdr-subf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:06:26.732705+00:00	Debian Oval Importer	Affected by	VCID-8hm4-c4w4-gfen	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:06:21.696398+00:00	Debian Oval Importer	Affected by	VCID-9t45-d5mf-3uar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-11T14:20:40.654336+00:00	Debian Oval Importer	Affected by	VCID-tq93-h2ag-s3bx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T14:16:22.437326+00:00	Debian Oval Importer	Affected by	VCID-8d7n-bfhu-dkfd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T14:06:56.660053+00:00	Debian Oval Importer	Affected by	VCID-af1f-xwwy-jfa8	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:59:26.269045+00:00	Debian Oval Importer	Affected by	VCID-w4ns-f42m-pyec	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:55:40.040010+00:00	Debian Oval Importer	Affected by	VCID-mamm-cvdr-subf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:55:02.411373+00:00	Debian Oval Importer	Affected by	VCID-8hm4-c4w4-gfen	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:54:57.237756+00:00	Debian Oval Importer	Affected by	VCID-9t45-d5mf-3uar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-07T22:54:19.451597+00:00	Debian Oval Importer	Affected by	VCID-tq93-h2ag-s3bx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:50:08.618372+00:00	Debian Oval Importer	Affected by	VCID-8d7n-bfhu-dkfd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:40:58.669036+00:00	Debian Oval Importer	Affected by	VCID-af1f-xwwy-jfa8	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:33:58.860804+00:00	Debian Oval Importer	Affected by	VCID-w4ns-f42m-pyec	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:30:31.122200+00:00	Debian Oval Importer	Affected by	VCID-mamm-cvdr-subf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:29:55.854525+00:00	Debian Oval Importer	Affected by	VCID-8hm4-c4w4-gfen	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:29:51.241527+00:00	Debian Oval Importer	Affected by	VCID-9t45-d5mf-3uar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0