Search for packages
| purl | pkg:gem/rubygems-update@2.3 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ee8m-jtmh-dfbs
Aliases: CVE-2015-3900 GHSA-wp3j-rvfp-624h OSV-122162 |
7PK - Security Features RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." |
Affected by 13 other vulnerabilities. |
|
VCID-zb9m-getz-3keh
Aliases: CVE-2015-4020 GHSA-qv62-xfj6-32xm |
Improper Input Validation RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. |
Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:35.394437+00:00 | Ruby Importer | Affected by | VCID-zb9m-getz-3keh | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml | 38.0.0 |
| 2026-04-01T15:18:35.073845+00:00 | Ruby Importer | Affected by | VCID-ee8m-jtmh-dfbs | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml | 38.0.0 |