VulnerableCode Package Details - pkg:rpm/redhat/rh-ruby30-ruby@3.0.2-148?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-a1z8-2fdu-1uhd Aliases: CVE-2021-31799 GHSA-ggxm-pgc9-g7fp	Arbitrary Code Execution in Rdoc In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename.	There are no reported fixed by versions.
VCID-dy2a-n93k-yfgd Aliases: CVE-2020-36327 GHSA-fp4w-jxhp-m23p	Dependency Confusion in Bundler Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.	There are no reported fixed by versions.
VCID-t9y5-hd9b-bkc4 Aliases: CVE-2021-31810 GHSA-wr95-679j-87v9	Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.	There are no reported fixed by versions.
VCID-xkby-43zv-x3f7 Aliases: CVE-2021-32066 GHSA-gx49-h5r3-q3xj	Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-a1z8-2fdu-1uhd
Aliases:
CVE-2021-31799
GHSA-ggxm-pgc9-g7fp

Arbitrary Code Execution in Rdoc In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

There are no reported fixed by versions.

VCID-dy2a-n93k-yfgd
Aliases:
CVE-2020-36327
GHSA-fp4w-jxhp-m23p

Dependency Confusion in Bundler Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.

There are no reported fixed by versions.

VCID-t9y5-hd9b-bkc4
Aliases:
CVE-2021-31810
GHSA-wr95-679j-87v9

Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.

There are no reported fixed by versions.

VCID-xkby-43zv-x3f7
Aliases:
CVE-2021-32066
GHSA-gx49-h5r3-q3xj

Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:03:17.168166+00:00	RedHat Importer	Affected by	VCID-dy2a-n93k-yfgd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36327.json	38.0.0
2026-04-01T14:02:22.052552+00:00	RedHat Importer	Affected by	VCID-a1z8-2fdu-1uhd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31799.json	38.0.0
2026-04-01T14:01:56.950493+00:00	RedHat Importer	Affected by	VCID-xkby-43zv-x3f7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32066.json	38.0.0
2026-04-01T14:01:56.865149+00:00	RedHat Importer	Affected by	VCID-t9y5-hd9b-bkc4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31810.json	38.0.0