Package details: pkg:gem/rubygems-update@1.8.27
purl pkg:gem/rubygems-update@1.8.27
Next non-vulnerable version 3.0.3
Latest non-vulnerable version 3.0.3
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-b36p-re17-n7dq
Aliases:
CVE-2017-0900
GHSA-p7f2-rr42-m9xm
Improper Input Validation: RubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
2.6.13
Affected by 6 other vulnerabilities.
VCID-ee8m-jtmh-dfbs
Aliases:
CVE-2015-3900
GHSA-wp3j-rvfp-624h
OSV-122162
7PK - Security Features: RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
2.0.16
Affected by 7 other vulnerabilities.
2.1.0.rc.1
Affected by 9 other vulnerabilities.
2.2.4
Affected by 7 other vulnerabilities.
2.4.7
Affected by 13 other vulnerabilities.
VCID-jmzh-89dm-r7g2
Aliases:
CVE-2017-0902
GHSA-73w7-6w9g-gc8w
Origin Validation Error: RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
2.6.13
Affected by 6 other vulnerabilities.
VCID-k2ga-fgvp-5qc7
Aliases:
CVE-2013-4287
GHSA-9j7m-rjqx-48vh
OSV-97163
Cryptographic Issues: Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
2.0.8
Affected by 9 other vulnerabilities.
2.1.0.rc.1
Affected by 9 other vulnerabilities.
2.1.0
Affected by 9 other vulnerabilities.
2.1.1
Affected by 8 other vulnerabilities.
VCID-ucdh-7fgy-33h8
Aliases:
CVE-2013-4363
GHSA-9qvm-2vhf-q649
Cryptographic Issues: Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
2.0.10
Affected by 9 other vulnerabilities.
2.1.4
Affected by 7 other vulnerabilities.
2.1.5
Affected by 7 other vulnerabilities.
VCID-xgsa-5umz-qffr
Aliases:
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh
Code Injection: RubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
2.6.13
Affected by 6 other vulnerabilities.
VCID-xz68-vwz2-2ke4
Aliases:
CVE-2017-0901
GHSA-pm9x-4392-2c2p
Improper Input Validation: RubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
2.6.13
Affected by 6 other vulnerabilities.
VCID-zb9m-getz-3keh
Aliases:
CVE-2015-4020
GHSA-qv62-xfj6-32xm
Improper Input Validation: RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.
2.0.17
Affected by 7 other vulnerabilities.
2.1.0.rc.1
Affected by 9 other vulnerabilities.
2.2.5
Affected by 7 other vulnerabilities.
2.4.8
Affected by 12 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-ucdh-7fgy-33h8 Cryptographic Issues: Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. CVE-2013-4363
GHSA-9qvm-2vhf-q649

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:37:59.022898+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.4.0
2026-04-16T20:37:58.486848+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.4.0
2026-04-16T20:37:57.197382+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.4.0
2026-04-16T20:37:56.649292+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.4.0
2026-04-16T20:32:43.655387+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.4.0
2026-04-16T20:32:32.669880+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.4.0
2026-04-16T20:30:56.157571+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.4.0
2026-04-16T20:30:55.783477+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.4.0
2026-04-16T17:36:02.976202+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.4.0
2026-04-16T17:36:00.237422+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.4.0
2026-04-11T21:48:39.546287+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.3.0
2026-04-11T21:48:38.888737+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.3.0
2026-04-11T21:48:37.432020+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.3.0
2026-04-11T21:48:36.818574+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.3.0
2026-04-11T21:43:06.350625+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.3.0
2026-04-11T21:42:56.593205+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.3.0
2026-04-11T21:41:19.897557+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.3.0
2026-04-11T21:41:19.489985+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.3.0
2026-04-11T21:32:50.311066+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.3.0
2026-04-11T21:32:47.963068+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.3.0
2026-04-04T14:31:04.658650+00:00 GHSA Importer Fixing VCID-ucdh-7fgy-33h8 https://github.com/advisories/GHSA-9qvm-2vhf-q649 38.1.0
2026-04-02T22:02:33.293508+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.1.0
2026-04-02T22:02:32.745152+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.1.0
2026-04-02T22:02:31.286100+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.1.0
2026-04-02T22:02:30.747580+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.1.0
2026-04-02T21:57:14.797407+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.1.0
2026-04-02T21:57:05.896040+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.1.0
2026-04-02T21:55:30.534009+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.1.0
2026-04-02T21:55:30.161184+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.1.0
2026-04-02T19:31:20.817328+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.1.0
2026-04-02T19:31:18.292892+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.1.0
2026-04-01T16:19:42.753309+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.0.0
2026-04-01T16:19:42.166448+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.0.0
2026-04-01T16:19:40.451497+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.0.0
2026-04-01T16:19:39.850337+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.0.0
2026-04-01T16:14:28.677891+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.0.0
2026-04-01T16:14:17.596693+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.0.0
2026-04-01T16:12:43.822838+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.0.0
2026-04-01T16:12:43.419420+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.0.0
2026-04-01T15:48:08.542000+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.0.0
2026-04-01T15:48:06.420256+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.0.0
2026-04-01T13:11:14.842937+00:00 GithubOSV Importer Fixing VCID-ucdh-7fgy-33h8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9qvm-2vhf-q649/GHSA-9qvm-2vhf-q649.json 38.0.0