Search for packages
| purl | pkg:ebuild/dev-ruby/rubygems@2.6.13 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-b36p-re17-n7dq | Improper Input Validation RubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. |
CVE-2017-0900
GHSA-p7f2-rr42-m9xm |
| VCID-jmzh-89dm-r7g2 | Origin Validation Error RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. |
CVE-2017-0902
GHSA-73w7-6w9g-gc8w |
| VCID-xgsa-5umz-qffr | Code Injection RubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. |
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh |
| VCID-xz68-vwz2-2ke4 | Improper Input Validation RubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. |
CVE-2017-0901
GHSA-pm9x-4392-2c2p |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:02:37.286830+00:00 | Gentoo Importer | Fixing | VCID-jmzh-89dm-r7g2 | https://security.gentoo.org/glsa/201710-01 | 38.0.0 |
| 2026-04-01T13:02:37.276720+00:00 | Gentoo Importer | Fixing | VCID-xz68-vwz2-2ke4 | https://security.gentoo.org/glsa/201710-01 | 38.0.0 |
| 2026-04-01T13:02:37.266054+00:00 | Gentoo Importer | Fixing | VCID-b36p-re17-n7dq | https://security.gentoo.org/glsa/201710-01 | 38.0.0 |
| 2026-04-01T13:02:37.257787+00:00 | Gentoo Importer | Fixing | VCID-xgsa-5umz-qffr | https://security.gentoo.org/glsa/201710-01 | 38.0.0 |