VulnerableCode Package Details - pkg:gem/rubygems-update@2.0.15

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/rubygems-update@2.0.15

Essentials
History (36)

purl	pkg:gem/rubygems-update@2.0.15

Next non-vulnerable version	3.0.3
Latest non-vulnerable version	3.0.3
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-b36p-re17-n7dq Aliases: CVE-2017-0900 GHSA-p7f2-rr42-m9xm	Improper Input Validation RubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.	2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cde2-rv4n-tkau Aliases: CVE-2017-0903 GHSA-mqwr-4qf2-2hcv	Deserialization of Untrusted Data rubygems-update is vulnerable to a remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.	2.6.14 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ee8m-jtmh-dfbs Aliases: CVE-2015-3900 GHSA-wp3j-rvfp-624h OSV-122162	7PK - Security Features RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."	2.0.16 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.1.0.rc.1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.7 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jmzh-89dm-r7g2 Aliases: CVE-2017-0902 GHSA-73w7-6w9g-gc8w	Origin Validation Error RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.	2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xgsa-5umz-qffr Aliases: CVE-2017-0899 GHSA-7gcp-2gmq-w3xh	Code Injection RubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.	2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xz68-vwz2-2ke4 Aliases: CVE-2017-0901 GHSA-pm9x-4392-2c2p	Improper Input Validation RubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.	2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zb9m-getz-3keh Aliases: CVE-2015-4020 GHSA-qv62-xfj6-32xm	Improper Input Validation RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.	2.0.17 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.1.0.rc.1 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.5 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.8 Affected by 12 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:39:15.234358+00:00	GitLab Importer	Affected by	VCID-cde2-rv4n-tkau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml	38.4.0
2026-04-16T20:37:59.095918+00:00	GitLab Importer	Affected by	VCID-xgsa-5umz-qffr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml	38.4.0
2026-04-16T20:37:58.560995+00:00	GitLab Importer	Affected by	VCID-xz68-vwz2-2ke4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml	38.4.0
2026-04-16T20:37:57.274962+00:00	GitLab Importer	Affected by	VCID-b36p-re17-n7dq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml	38.4.0
2026-04-16T20:37:56.723294+00:00	GitLab Importer	Affected by	VCID-jmzh-89dm-r7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml	38.4.0
2026-04-16T20:32:43.729975+00:00	GitLab Importer	Affected by	VCID-zb9m-getz-3keh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml	38.4.0
2026-04-16T20:32:32.745081+00:00	GitLab Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml	38.4.0
2026-04-16T17:36:03.053028+00:00	Ruby Importer	Affected by	VCID-zb9m-getz-3keh	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml	38.4.0
2026-04-16T17:36:00.315342+00:00	Ruby Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml	38.4.0
2026-04-11T21:50:02.249937+00:00	GitLab Importer	Affected by	VCID-cde2-rv4n-tkau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml	38.3.0
2026-04-11T21:48:39.639985+00:00	GitLab Importer	Affected by	VCID-xgsa-5umz-qffr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml	38.3.0
2026-04-11T21:48:38.977339+00:00	GitLab Importer	Affected by	VCID-xz68-vwz2-2ke4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml	38.3.0
2026-04-11T21:48:37.519518+00:00	GitLab Importer	Affected by	VCID-b36p-re17-n7dq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml	38.3.0
2026-04-11T21:48:36.904563+00:00	GitLab Importer	Affected by	VCID-jmzh-89dm-r7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml	38.3.0
2026-04-11T21:43:06.443459+00:00	GitLab Importer	Affected by	VCID-zb9m-getz-3keh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml	38.3.0
2026-04-11T21:42:56.679293+00:00	GitLab Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml	38.3.0
2026-04-11T21:32:50.388759+00:00	Ruby Importer	Affected by	VCID-zb9m-getz-3keh	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml	38.3.0
2026-04-11T21:32:48.051639+00:00	Ruby Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml	38.3.0
2026-04-02T22:03:54.075377+00:00	GitLab Importer	Affected by	VCID-cde2-rv4n-tkau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml	38.1.0
2026-04-02T22:02:33.370066+00:00	GitLab Importer	Affected by	VCID-xgsa-5umz-qffr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml	38.1.0
2026-04-02T22:02:32.822905+00:00	GitLab Importer	Affected by	VCID-xz68-vwz2-2ke4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml	38.1.0
2026-04-02T22:02:31.362145+00:00	GitLab Importer	Affected by	VCID-b36p-re17-n7dq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml	38.1.0
2026-04-02T22:02:30.823141+00:00	GitLab Importer	Affected by	VCID-jmzh-89dm-r7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml	38.1.0
2026-04-02T21:57:14.873435+00:00	GitLab Importer	Affected by	VCID-zb9m-getz-3keh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml	38.1.0
2026-04-02T21:57:05.972046+00:00	GitLab Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml	38.1.0
2026-04-02T19:31:20.890539+00:00	Ruby Importer	Affected by	VCID-zb9m-getz-3keh	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml	38.1.0
2026-04-02T19:31:18.366032+00:00	Ruby Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml	38.1.0
2026-04-01T16:20:52.698840+00:00	GitLab Importer	Affected by	VCID-cde2-rv4n-tkau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml	38.0.0
2026-04-01T16:19:42.837899+00:00	GitLab Importer	Affected by	VCID-xgsa-5umz-qffr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml	38.0.0
2026-04-01T16:19:42.250355+00:00	GitLab Importer	Affected by	VCID-xz68-vwz2-2ke4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml	38.0.0
2026-04-01T16:19:40.534365+00:00	GitLab Importer	Affected by	VCID-b36p-re17-n7dq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml	38.0.0
2026-04-01T16:19:39.933477+00:00	GitLab Importer	Affected by	VCID-jmzh-89dm-r7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml	38.0.0
2026-04-01T16:14:28.751705+00:00	GitLab Importer	Affected by	VCID-zb9m-getz-3keh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml	38.0.0
2026-04-01T16:14:17.671028+00:00	GitLab Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml	38.0.0
2026-04-01T15:48:08.631637+00:00	Ruby Importer	Affected by	VCID-zb9m-getz-3keh	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml	38.0.0
2026-04-01T15:48:06.515847+00:00	Ruby Importer	Affected by	VCID-ee8m-jtmh-dfbs	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml	38.0.0