| purl | pkg:rpm/redhat/rubygem-thor@0.19.1-1?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-qrmf-7afx-6yd8 (Aliases: CVE-2013-0334, GHSA-49jx-9cmc-xjxm, OSV-110004) | Remote code execution: Any Gemfile with multiple top-level `source` lines cannot reliably control the gem server that a particular gem is fetched from. As a result, Bundler might install the wrong gem if more than one source provides a gem with the same name. This is especially possible in the case of GitHub's legacy gem server, hosted at gems.github.com. An attacker might create a malicious gem on RubyGems.org with the same name as a commonly-used GitHub gem. From that point forward, running `bundle install` might result in the malicious gem being used instead of the expected gem. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:46:28.222804+00:00 | RedHat Importer | Affected by | VCID-qrmf-7afx-6yd8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0334.json | 38.0.0 |