Search for packages
| purl | pkg:gem/ruby-lsp@0.26.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-jumv-pg2h-7ya9 | Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. This issue has been patched in Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9. |
CVE-2026-34060
GHSA-c4r5-fxqw-vh93 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:28:22.130254+00:00 | Ruby Importer | Fixing | VCID-jumv-pg2h-7ya9 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-lsp/CVE-2026-34060.yml | 38.6.0 |
| 2026-06-13T06:28:26.303331+00:00 | GHSA Importer | Fixing | VCID-jumv-pg2h-7ya9 | https://github.com/advisories/GHSA-c4r5-fxqw-vh93 | 38.6.0 |
| 2026-06-12T21:40:22.875439+00:00 | GitLab Importer | Fixing | VCID-jumv-pg2h-7ya9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/ruby-lsp/CVE-2026-34060.yml | 38.6.0 |
| 2026-06-12T07:49:28.182584+00:00 | GithubOSV Importer | Fixing | VCID-jumv-pg2h-7ya9 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-c4r5-fxqw-vh93/GHSA-c4r5-fxqw-vh93.json | 38.6.0 |