Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jruby/jruby-stdlib@1.7.0.preview1
purl pkg:maven/org.jruby/jruby-stdlib@1.7.0.preview1
Next non-vulnerable version 9.1.16.0
Latest non-vulnerable version 9.1.16.0
Risk 4.5
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-3bue-qvm7-2fby
Aliases:
CVE-2018-1000075
GHSA-74pv-v9gh-h25p
Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-e7rv-fv84-jygh
Aliases:
CVE-2018-1000079
GHSA-8qxg-mff5-j3wc
Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-k6gg-djg6-kbh5
Aliases:
CVE-2018-1000074
GHSA-qj2w-mw2r-pv39
RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-qrbv-et5k-wkdk
Aliases:
CVE-2018-1000073
GHSA-gx69-6cp4-hxrj
Path Traversal RubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-xqpw-9uap-kugb
Aliases:
CVE-2018-1000076
GHSA-mc6j-h948-v2p6
RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-yxa4-p6gs-7bgr
Aliases:
CVE-2018-1000077
GHSA-gv86-43rv-79m2
RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-zzey-wstd-p7e3
Aliases:
CVE-2018-1000078
GHSA-87qx-g5wg-mwmj
Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server.
9.1.16.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T02:02:32.068354+00:00 GitLab Importer Affected by VCID-e7rv-fv84-jygh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000079.yml 38.6.0
2026-06-06T02:00:54.332446+00:00 GitLab Importer Affected by VCID-zzey-wstd-p7e3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000078.yml 38.6.0
2026-06-06T02:00:24.439359+00:00 GitLab Importer Affected by VCID-yxa4-p6gs-7bgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000077.yml 38.6.0
2026-06-06T01:59:52.265470+00:00 GitLab Importer Affected by VCID-k6gg-djg6-kbh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000074.yml 38.6.0
2026-06-06T01:59:38.396678+00:00 GitLab Importer Affected by VCID-xqpw-9uap-kugb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000076.yml 38.6.0
2026-06-06T01:52:56.506748+00:00 GitLab Importer Affected by VCID-3bue-qvm7-2fby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000075.yml 38.6.0
2026-06-06T01:50:12.602218+00:00 GitLab Importer Affected by VCID-qrbv-et5k-wkdk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000073.yml 38.6.0