Package details: pkg:rpm/redhat/ruby@2.0.0.648-35?arch=el7_5
purl pkg:rpm/redhat/ruby@2.0.0.648-35?arch=el7_5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-8d7n-bfhu-dkfd
Aliases:
CVE-2018-1000075
GHSA-74pv-v9gh-h25p
Loop with Unreachable Exit Condition (Infinite Loop) RubyGems contains an infinite loop vulnerability, caused by a negative size in the ruby gem package tar header: a negative size could cause an infinite loop. There are no reported fixed by versions.
VCID-8hm4-c4w4-gfen
Aliases:
CVE-2018-1000078
GHSA-87qx-g5wg-mwmj
Cross-site Scripting RubyGems contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server. There are no reported fixed by versions.
VCID-9t45-d5mf-3uar
Aliases:
CVE-2018-1000079
GHSA-8qxg-mff5-j3wc
Path Traversal RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem. There are no reported fixed by versions.
VCID-af1f-xwwy-jfa8
Aliases:
CVE-2018-1000074
GHSA-qj2w-mw2r-pv39
RubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file. There are no reported fixed by versions.
VCID-mamm-cvdr-subf
Aliases:
CVE-2018-1000077
GHSA-gv86-43rv-79m2
RubyGems contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL. There are no reported fixed by versions.
VCID-qyz5-zmnt-qucy
Aliases:
CVE-2018-8780
GHSA-fphx-j9v2-w2cx
security update There are no reported fixed by versions.
VCID-rdme-1q3s-43d8
Aliases:
CVE-2018-8777
GHSA-9j6f-82h4-9mw2
security update There are no reported fixed by versions.
VCID-tq93-h2ag-s3bx
Aliases:
CVE-2018-1000073
GHSA-gx69-6cp4-hxrj
Path Traversal RubyGems contains a Directory Traversal vulnerability in install_location function of `package.rb` that can result in path traversal when writing to a symlinked basedir outside the root. There are no reported fixed by versions.
VCID-w4ns-f42m-pyec
Aliases:
CVE-2018-1000076
GHSA-mc6j-h948-v2p6
RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in `package.rb` that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:39:49.852714+00:00 RedHat Importer Affected by VCID-qyz5-zmnt-qucy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json 38.4.0
2026-04-01T14:26:10.445304+00:00 RedHat Importer Affected by VCID-9t45-d5mf-3uar https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000079.json 38.0.0
2026-04-01T14:26:10.343127+00:00 RedHat Importer Affected by VCID-8hm4-c4w4-gfen https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000078.json 38.0.0
2026-04-01T14:26:10.238659+00:00 RedHat Importer Affected by VCID-mamm-cvdr-subf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000077.json 38.0.0
2026-04-01T14:26:10.133774+00:00 RedHat Importer Affected by VCID-w4ns-f42m-pyec https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000076.json 38.0.0
2026-04-01T14:26:10.029462+00:00 RedHat Importer Affected by VCID-8d7n-bfhu-dkfd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000075.json 38.0.0
2026-04-01T14:26:09.917601+00:00 RedHat Importer Affected by VCID-af1f-xwwy-jfa8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000074.json 38.0.0
2026-04-01T14:26:09.816841+00:00 RedHat Importer Affected by VCID-tq93-h2ag-s3bx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000073.json 38.0.0
2026-04-01T14:25:36.342989+00:00 RedHat Importer Affected by VCID-rdme-1q3s-43d8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8777.json 38.0.0
2026-04-01T14:25:36.233868+00:00 RedHat Importer Affected by VCID-qyz5-zmnt-qucy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8780.json 38.0.0