Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/rubygems-update@2.5.2
purl pkg:gem/rubygems-update@2.5.2
Next non-vulnerable version 3.0.3
Latest non-vulnerable version 3.0.3
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-b36p-re17-n7dq
Aliases:
CVE-2017-0900
GHSA-p7f2-rr42-m9xm
Improper Input Validation RubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
2.6.13
Affected by 6 other vulnerabilities.
VCID-cde2-rv4n-tkau
Aliases:
CVE-2017-0903
GHSA-mqwr-4qf2-2hcv
Deserialization of Untrusted Data rubygems-update is vulnerable to a remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
2.6.14
Affected by 5 other vulnerabilities.
VCID-jmzh-89dm-r7g2
Aliases:
CVE-2017-0902
GHSA-73w7-6w9g-gc8w
Origin Validation Error RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
2.6.13
Affected by 6 other vulnerabilities.
VCID-xgsa-5umz-qffr
Aliases:
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh
Code Injection RubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
2.6.13
Affected by 6 other vulnerabilities.
VCID-xz68-vwz2-2ke4
Aliases:
CVE-2017-0901
GHSA-pm9x-4392-2c2p
Improper Input Validation RubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
2.6.13
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:39:15.358009+00:00 GitLab Importer Affected by VCID-cde2-rv4n-tkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml 38.4.0
2026-04-16T20:37:59.212388+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.4.0
2026-04-16T20:37:58.676499+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.4.0
2026-04-16T20:37:57.393974+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.4.0
2026-04-16T20:37:56.846571+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.4.0
2026-04-11T21:50:02.378226+00:00 GitLab Importer Affected by VCID-cde2-rv4n-tkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml 38.3.0
2026-04-11T21:48:39.781833+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.3.0
2026-04-11T21:48:39.120002+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.3.0
2026-04-11T21:48:37.650451+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.3.0
2026-04-11T21:48:37.038320+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.3.0
2026-04-02T22:03:54.195882+00:00 GitLab Importer Affected by VCID-cde2-rv4n-tkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml 38.1.0
2026-04-02T22:02:33.488683+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.1.0
2026-04-02T22:02:32.941113+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.1.0
2026-04-02T22:02:31.481662+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.1.0
2026-04-02T22:02:30.941962+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.1.0
2026-04-01T16:20:52.830707+00:00 GitLab Importer Affected by VCID-cde2-rv4n-tkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml 38.0.0
2026-04-01T16:19:42.967119+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.0.0
2026-04-01T16:19:42.380541+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.0.0
2026-04-01T16:19:40.664110+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.0.0
2026-04-01T16:19:40.063281+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.0.0