Package details: pkg:rpm/redhat/rh-ruby24-ruby@2.4.5-91?arch=el7
purl pkg:rpm/redhat/rh-ruby24-ruby@2.4.5-91?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-1cad-uybu-2uau
Aliases:
CVE-2017-17742
GHSA-7p4c-jf2w-hc3w
security update There are no reported fixed by versions.
VCID-8d7n-bfhu-dkfd
Aliases:
CVE-2018-1000075
GHSA-74pv-v9gh-h25p
Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop vulnerability: a negative size in the ruby gem package tar header could cause an infinite loop. There are no reported fixed by versions.
VCID-8hm4-c4w4-gfen
Aliases:
CVE-2018-1000078
GHSA-87qx-g5wg-mwmj
Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server. There are no reported fixed by versions.
VCID-9t45-d5mf-3uar
Aliases:
CVE-2018-1000079
GHSA-8qxg-mff5-j3wc
Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem. There are no reported fixed by versions.
VCID-af1f-xwwy-jfa8
Aliases:
CVE-2018-1000074
GHSA-qj2w-mw2r-pv39
RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file. There are no reported fixed by versions.
VCID-bad1-7aa4-cugv
Aliases:
CVE-2018-6914
GHSA-wpg3-wgm5-rv8w
security update There are no reported fixed by versions.
VCID-c3y8-w4b4-3qea
Aliases:
CVE-2018-16395
GHSA-mmrq-6999-72v8
Improper Certificate Validation When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. There are no reported fixed by versions.
VCID-kamp-zmtx-aqbz
Aliases:
CVE-2018-16396
GHSA-xh4x-ph6p-vmxh
security update There are no reported fixed by versions.
VCID-mamm-cvdr-subf
Aliases:
CVE-2018-1000077
GHSA-gv86-43rv-79m2
RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL. There are no reported fixed by versions.
VCID-qyz5-zmnt-qucy
Aliases:
CVE-2018-8780
GHSA-fphx-j9v2-w2cx
security update There are no reported fixed by versions.
VCID-rdme-1q3s-43d8
Aliases:
CVE-2018-8777
GHSA-9j6f-82h4-9mw2
security update There are no reported fixed by versions.
VCID-tq93-h2ag-s3bx
Aliases:
CVE-2018-1000073
GHSA-gx69-6cp4-hxrj
Path Traversal RubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root. There are no reported fixed by versions.
VCID-w4ns-f42m-pyec
Aliases:
CVE-2018-1000076
GHSA-mc6j-h948-v2p6
RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. There are no reported fixed by versions.
VCID-y29u-wpkt-rkgp
Aliases:
CVE-2018-8779
security update There are no reported fixed by versions.
VCID-zwxw-299r-wfgx
Aliases:
CVE-2018-8778
GHSA-wvhq-ch4h-8pwr
security update There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:39:49.955273+00:00 RedHat Importer Affected by VCID-qyz5-zmnt-qucy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json 38.4.0
2026-04-01T14:26:10.497578+00:00 RedHat Importer Affected by VCID-9t45-d5mf-3uar https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000079.json 38.0.0
2026-04-01T14:26:10.396624+00:00 RedHat Importer Affected by VCID-8hm4-c4w4-gfen https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000078.json 38.0.0
2026-04-01T14:26:10.290629+00:00 RedHat Importer Affected by VCID-mamm-cvdr-subf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000077.json 38.0.0
2026-04-01T14:26:10.186608+00:00 RedHat Importer Affected by VCID-w4ns-f42m-pyec https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000076.json 38.0.0
2026-04-01T14:26:10.085368+00:00 RedHat Importer Affected by VCID-8d7n-bfhu-dkfd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000075.json 38.0.0
2026-04-01T14:26:09.976985+00:00 RedHat Importer Affected by VCID-af1f-xwwy-jfa8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000074.json 38.0.0
2026-04-01T14:26:09.865394+00:00 RedHat Importer Affected by VCID-tq93-h2ag-s3bx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000073.json 38.0.0
2026-04-01T14:25:36.605010+00:00 RedHat Importer Affected by VCID-zwxw-299r-wfgx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8778.json 38.0.0
2026-04-01T14:25:36.500441+00:00 RedHat Importer Affected by VCID-1cad-uybu-2uau https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17742.json 38.0.0
2026-04-01T14:25:36.396566+00:00 RedHat Importer Affected by VCID-rdme-1q3s-43d8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8777.json 38.0.0
2026-04-01T14:25:36.289909+00:00 RedHat Importer Affected by VCID-qyz5-zmnt-qucy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json 38.0.0
2026-04-01T14:25:36.198847+00:00 RedHat Importer Affected by VCID-y29u-wpkt-rkgp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8779.json 38.0.0
2026-04-01T14:25:36.133913+00:00 RedHat Importer Affected by VCID-bad1-7aa4-cugv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6914.json 38.0.0
2026-04-01T14:21:54.857276+00:00 RedHat Importer Affected by VCID-kamp-zmtx-aqbz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16396.json 38.0.0
2026-04-01T14:21:54.704147+00:00 RedHat Importer Affected by VCID-c3y8-w4b4-3qea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16395.json 38.0.0