Search for packages
| purl | pkg:deb/debian/jruby@9.1.17.0-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8d7n-bfhu-dkfd | Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop. |
CVE-2018-1000075
GHSA-74pv-v9gh-h25p |
| VCID-8hm4-c4w4-gfen | Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server. |
CVE-2018-1000078
GHSA-87qx-g5wg-mwmj |
| VCID-9t45-d5mf-3uar | Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem. |
CVE-2018-1000079
GHSA-8qxg-mff5-j3wc |
| VCID-af1f-xwwy-jfa8 | RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file. |
CVE-2018-1000074
GHSA-qj2w-mw2r-pv39 |
| VCID-mamm-cvdr-subf | RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL. |
CVE-2018-1000077
GHSA-gv86-43rv-79m2 |
| VCID-w4ns-f42m-pyec | RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. |
CVE-2018-1000076
GHSA-mc6j-h948-v2p6 |