Search for packages
| purl | pkg:rpm/redhat/rubygems@1.3.7-4?arch=el6_4 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-fx2c-u8eb-dufe
Aliases: CVE-2012-2125 GHSA-228f-g3h7-3fj3 OSV-85809 |
HTTP Request Smuggling RubyGems can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | There are no reported fixed by versions. |
|
VCID-hpng-v58x-xua5
Aliases: CVE-2012-2126 GHSA-5mgj-mvv8-46mw OSV-81444 |
Cryptographic Issues RubyGems does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | There are no reported fixed by versions. |
|
VCID-k2ga-fgvp-5qc7
Aliases: CVE-2013-4287 GHSA-9j7m-rjqx-48vh OSV-97163 |
Cryptographic Issues Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:55:42.419977+00:00 | RedHat Importer | Affected by | VCID-hpng-v58x-xua5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2126.json | 38.0.0 |
| 2026-04-01T14:55:42.348686+00:00 | RedHat Importer | Affected by | VCID-fx2c-u8eb-dufe | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2125.json | 38.0.0 |
| 2026-04-01T14:50:12.154498+00:00 | RedHat Importer | Affected by | VCID-k2ga-fgvp-5qc7 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4287.json | 38.0.0 |