Package details: pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19?arch=el7
purl pkg:rpm/redhat/rh-ruby22-ruby@2.2.9-19?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-91b7-xx8t-rqhr
Aliases:
CVE-2017-10784
GHSA-369m-2gv6-mw28
Improper Authentication: The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. There are no reported fixed by versions.
VCID-b36p-re17-n7dq
Aliases:
CVE-2017-0900
GHSA-p7f2-rr42-m9xm
Improper Input Validation: RubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. There are no reported fixed by versions.
VCID-beub-d11r-nbe4
Aliases:
CVE-2017-17790
GHSA-47cm-jxff-w8wg
security update There are no reported fixed by versions.
VCID-cde2-rv4n-tkau
Aliases:
CVE-2017-0903
GHSA-mqwr-4qf2-2hcv
Deserialization of Untrusted Data: rubygems-update is vulnerable to a remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. There are no reported fixed by versions.
VCID-cvs2-zecm-z3h8
Aliases:
CVE-2015-7551
GHSA-m9xr-x5mq-4fp5
ruby: DL::dlopen could open a library with tainted library name. There are no reported fixed by versions.
VCID-dh8q-zyat-43ce
Aliases:
CVE-2009-5147
GHSA-mmq8-m72q-qgm4
ruby: DL::dlopen could open a library with tainted library name. There are no reported fixed by versions.
VCID-fapg-pt6b-rfb2
Aliases:
CVE-2017-14033
GHSA-v6rp-3r3v-hf4p
Improper Restriction of Operations within the Bounds of a Memory Buffer: The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. There are no reported fixed by versions.
VCID-fhyd-6fyt-byhp
Aliases:
CVE-2017-17405
A vulnerability has been found in Ruby which may allow for arbitrary command execution. There are no reported fixed by versions.
VCID-jmzh-89dm-r7g2
Aliases:
CVE-2017-0902
GHSA-73w7-6w9g-gc8w
Origin Validation Error: RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. There are no reported fixed by versions.
VCID-xgsa-5umz-qffr
Aliases:
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh
Code Injection: RubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. There are no reported fixed by versions.
VCID-xkd6-jvma-skfk
Aliases:
CVE-2017-14064
GHSA-954h-8gv7-2q75
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-xz68-vwz2-2ke4
Aliases:
CVE-2017-0901
GHSA-pm9x-4392-2c2p
Improper Input Validation: RubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. There are no reported fixed by versions.
VCID-zybm-uuxu-67gh
Aliases:
CVE-2017-0898
GHSA-wvmx-3rv2-5jgf
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:58:17.688963+00:00 RedHat Importer Affected by VCID-cvs2-zecm-z3h8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7551.json 38.0.0
2026-04-01T14:58:17.649015+00:00 RedHat Importer Affected by VCID-dh8q-zyat-43ce https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5147.json 38.0.0
2026-04-01T14:31:48.310009+00:00 RedHat Importer Affected by VCID-xkd6-jvma-skfk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14064.json 38.0.0
2026-04-01T14:28:58.272714+00:00 RedHat Importer Affected by VCID-xgsa-5umz-qffr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0899.json 38.0.0
2026-04-01T14:28:58.140029+00:00 RedHat Importer Affected by VCID-jmzh-89dm-r7g2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0902.json 38.0.0
2026-04-01T14:28:57.821353+00:00 RedHat Importer Affected by VCID-b36p-re17-n7dq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0900.json 38.0.0
2026-04-01T14:28:57.693261+00:00 RedHat Importer Affected by VCID-xz68-vwz2-2ke4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0901.json 38.0.0
2026-04-01T14:28:51.835880+00:00 RedHat Importer Affected by VCID-zybm-uuxu-67gh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0898.json 38.0.0
2026-04-01T14:28:51.701917+00:00 RedHat Importer Affected by VCID-91b7-xx8t-rqhr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10784.json 38.0.0
2026-04-01T14:28:51.584346+00:00 RedHat Importer Affected by VCID-fapg-pt6b-rfb2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14033.json 38.0.0
2026-04-01T14:27:30.377813+00:00 RedHat Importer Affected by VCID-cde2-rv4n-tkau https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0903.json 38.0.0
2026-04-01T14:26:41.362324+00:00 RedHat Importer Affected by VCID-fhyd-6fyt-byhp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17405.json 38.0.0
2026-04-01T14:26:40.188797+00:00 RedHat Importer Affected by VCID-beub-d11r-nbe4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17790.json 38.0.0