VulnerableCode Package Details - pkg:rpm/redhat/rubygems@1.8.23.2-1?arch=el6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/rubygems@1.8.23.2-1?arch=el6

Essentials
History (7)

purl	pkg:rpm/redhat/rubygems@1.8.23.2-1?arch=el6

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-1k2z-1j7b-jbew Aliases: CVE-2013-4461	cumin: filtering table operator not checked, leads to potential SQLi	There are no reported fixed by versions.
VCID-1xcz-9xrn-s7gx Aliases: CVE-2013-4414	cumin: non-persistent XSS possible due to not escaping set limit form input	There are no reported fixed by versions.
VCID-fx2c-u8eb-dufe Aliases: CVE-2012-2125 GHSA-228f-g3h7-3fj3 OSV-85809	HTTP Request Smuggling RubyGems can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.	There are no reported fixed by versions.
VCID-hpng-v58x-xua5 Aliases: CVE-2012-2126 GHSA-5mgj-mvv8-46mw OSV-81444	Cryptographic Issues RubyGems does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.	There are no reported fixed by versions.
VCID-k2ga-fgvp-5qc7 Aliases: CVE-2013-4287 GHSA-9j7m-rjqx-48vh OSV-97163	Cryptographic Issues Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.	There are no reported fixed by versions.
VCID-s6z8-mxs3-q3gs Aliases: CVE-2013-4405	cumin: CSRF protection does not work	There are no reported fixed by versions.
VCID-zx7k-5ws1-abdm Aliases: CVE-2013-4404	cumin: missing authorization checks in forms, charts, and csv export widgets	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:55:42.448832+00:00	RedHat Importer	Affected by	VCID-hpng-v58x-xua5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2126.json	38.0.0
2026-04-01T14:55:42.377092+00:00	RedHat Importer	Affected by	VCID-fx2c-u8eb-dufe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2125.json	38.0.0
2026-04-01T14:50:12.236065+00:00	RedHat Importer	Affected by	VCID-k2ga-fgvp-5qc7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4287.json	38.0.0
2026-04-01T14:49:13.027192+00:00	RedHat Importer	Affected by	VCID-1xcz-9xrn-s7gx	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4414.json	38.0.0
2026-04-01T14:49:12.974061+00:00	RedHat Importer	Affected by	VCID-s6z8-mxs3-q3gs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4405.json	38.0.0
2026-04-01T14:49:12.921983+00:00	RedHat Importer	Affected by	VCID-zx7k-5ws1-abdm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4404.json	38.0.0
2026-04-01T14:49:12.662724+00:00	RedHat Importer	Affected by	VCID-1k2z-1j7b-jbew	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4461.json	38.0.0