VulnerableCode Package Details - pkg:deb/debian/jruby@1.7.26-1%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8d7n-bfhu-dkfd	Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.	CVE-2018-1000075 GHSA-74pv-v9gh-h25p
VCID-8hm4-c4w4-gfen	Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server.	CVE-2018-1000078 GHSA-87qx-g5wg-mwmj
VCID-9t45-d5mf-3uar	Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem.	CVE-2018-1000079 GHSA-8qxg-mff5-j3wc
VCID-af1f-xwwy-jfa8	RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file.	CVE-2018-1000074 GHSA-qj2w-mw2r-pv39
VCID-mamm-cvdr-subf	RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL.	CVE-2018-1000077 GHSA-gv86-43rv-79m2
VCID-tq93-h2ag-s3bx	Path Traversal RubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root.	CVE-2018-1000073 GHSA-gx69-6cp4-hxrj
VCID-w4ns-f42m-pyec	RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.	CVE-2018-1000076 GHSA-mc6j-h948-v2p6

Vulnerability

Summary

Aliases

VCID-8d7n-bfhu-dkfd

Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.

CVE-2018-1000075
GHSA-74pv-v9gh-h25p

VCID-8hm4-c4w4-gfen

Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server.

CVE-2018-1000078
GHSA-87qx-g5wg-mwmj

VCID-9t45-d5mf-3uar

Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem.

CVE-2018-1000079
GHSA-8qxg-mff5-j3wc

VCID-af1f-xwwy-jfa8

RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file.

CVE-2018-1000074
GHSA-qj2w-mw2r-pv39

VCID-mamm-cvdr-subf

RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL.

CVE-2018-1000077
GHSA-gv86-43rv-79m2

VCID-tq93-h2ag-s3bx

Path Traversal RubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root.

CVE-2018-1000073
GHSA-gx69-6cp4-hxrj

VCID-w4ns-f42m-pyec

RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.

CVE-2018-1000076
GHSA-mc6j-h948-v2p6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T14:32:22.621037+00:00	Debian Oval Importer	Fixing	VCID-tq93-h2ag-s3bx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:28:02.337068+00:00	Debian Oval Importer	Fixing	VCID-8d7n-bfhu-dkfd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:18:26.217236+00:00	Debian Oval Importer	Fixing	VCID-af1f-xwwy-jfa8	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:10:53.903213+00:00	Debian Oval Importer	Fixing	VCID-w4ns-f42m-pyec	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:07:04.723999+00:00	Debian Oval Importer	Fixing	VCID-mamm-cvdr-subf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:06:26.736081+00:00	Debian Oval Importer	Fixing	VCID-8hm4-c4w4-gfen	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T14:06:21.700355+00:00	Debian Oval Importer	Fixing	VCID-9t45-d5mf-3uar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-11T14:20:40.659181+00:00	Debian Oval Importer	Fixing	VCID-tq93-h2ag-s3bx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T14:16:22.442498+00:00	Debian Oval Importer	Fixing	VCID-8d7n-bfhu-dkfd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T14:06:56.664200+00:00	Debian Oval Importer	Fixing	VCID-af1f-xwwy-jfa8	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:59:26.272675+00:00	Debian Oval Importer	Fixing	VCID-w4ns-f42m-pyec	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:55:40.044053+00:00	Debian Oval Importer	Fixing	VCID-mamm-cvdr-subf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:55:02.415368+00:00	Debian Oval Importer	Fixing	VCID-8hm4-c4w4-gfen	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:54:57.242338+00:00	Debian Oval Importer	Fixing	VCID-9t45-d5mf-3uar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-07T22:54:19.456227+00:00	Debian Oval Importer	Fixing	VCID-tq93-h2ag-s3bx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:50:08.622748+00:00	Debian Oval Importer	Fixing	VCID-8d7n-bfhu-dkfd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:40:58.673564+00:00	Debian Oval Importer	Fixing	VCID-af1f-xwwy-jfa8	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:33:58.862883+00:00	Debian Oval Importer	Fixing	VCID-w4ns-f42m-pyec	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:30:31.123981+00:00	Debian Oval Importer	Fixing	VCID-mamm-cvdr-subf	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:29:55.856890+00:00	Debian Oval Importer	Fixing	VCID-8hm4-c4w4-gfen	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:29:51.243980+00:00	Debian Oval Importer	Fixing	VCID-9t45-d5mf-3uar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0