VulnerableCode Package Details - pkg:gem/rubygems-update@2.5.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9v2s-tv6k-cbey Aliases: CVE-2017-0899 GHSA-7gcp-2gmq-w3xh		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g3hj-d52t-1bf1 Aliases: CVE-2017-0902 GHSA-73w7-6w9g-gc8w		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nhny-8weg-7fam Aliases: CVE-2017-0903 GHSA-mqwr-4qf2-2hcv		2.6.14 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vvkj-4ywh-47cb Aliases: CVE-2017-0900 GHSA-p7f2-rr42-m9xm		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x6ej-fw8q-3qd9 Aliases: CVE-2017-0901 GHSA-pm9x-4392-2c2p		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9v2s-tv6k-cbey
Aliases:
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh

2.6.13
Affected by 6 other vulnerabilities.

VCID-g3hj-d52t-1bf1
Aliases:
CVE-2017-0902
GHSA-73w7-6w9g-gc8w

2.6.13
Affected by 6 other vulnerabilities.

VCID-nhny-8weg-7fam
Aliases:
CVE-2017-0903
GHSA-mqwr-4qf2-2hcv

2.6.14
Affected by 5 other vulnerabilities.

VCID-vvkj-4ywh-47cb
Aliases:
CVE-2017-0900
GHSA-p7f2-rr42-m9xm

2.6.13
Affected by 6 other vulnerabilities.

VCID-x6ej-fw8q-3qd9
Aliases:
CVE-2017-0901
GHSA-pm9x-4392-2c2p

2.6.13
Affected by 6 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ej8g-bnsx-kfhv	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000076 GHSA-mc6j-h948-v2p6
VCID-gknp-a2p2-4ucm	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000074 GHSA-qj2w-mw2r-pv39
VCID-j53m-puxj-gbfb	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000073 GHSA-gx69-6cp4-hxrj
VCID-npc6-7kwh-8ud9	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000077 GHSA-gv86-43rv-79m2
VCID-v446-d877-f3a3	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000075 GHSA-74pv-v9gh-h25p
VCID-xbwr-ubt1-57c6	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000079 GHSA-8qxg-mff5-j3wc
VCID-y7ya-bf6z-g3bn	RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.	CVE-2018-1000078 GHSA-87qx-g5wg-mwmj

Vulnerability

Summary

Aliases

VCID-ej8g-bnsx-kfhv

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000076
GHSA-mc6j-h948-v2p6

VCID-gknp-a2p2-4ucm

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000074
GHSA-qj2w-mw2r-pv39

VCID-j53m-puxj-gbfb

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000073
GHSA-gx69-6cp4-hxrj

VCID-npc6-7kwh-8ud9

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000077
GHSA-gv86-43rv-79m2

VCID-v446-d877-f3a3

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000075
GHSA-74pv-v9gh-h25p

VCID-xbwr-ubt1-57c6

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000079
GHSA-8qxg-mff5-j3wc

VCID-y7ya-bf6z-g3bn

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

CVE-2018-1000078
GHSA-87qx-g5wg-mwmj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:23:32.735477+00:00	GitLab Importer	Fixing	VCID-y7ya-bf6z-g3bn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000078.yml	37.0.0
2025-07-03T17:23:32.603250+00:00	GitLab Importer	Fixing	VCID-npc6-7kwh-8ud9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000077.yml	37.0.0
2025-07-03T17:23:32.517148+00:00	GitLab Importer	Fixing	VCID-ej8g-bnsx-kfhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000076.yml	37.0.0
2025-07-03T17:23:32.459169+00:00	GitLab Importer	Fixing	VCID-gknp-a2p2-4ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000074.yml	37.0.0
2025-07-03T17:23:32.365649+00:00	GitLab Importer	Fixing	VCID-j53m-puxj-gbfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000073.yml	37.0.0
2025-07-03T17:23:31.896850+00:00	GitLab Importer	Fixing	VCID-xbwr-ubt1-57c6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000079.yml	37.0.0
2025-07-03T17:23:30.209893+00:00	GitLab Importer	Fixing	VCID-v446-d877-f3a3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000075.yml	37.0.0
2025-07-03T17:21:43.921156+00:00	GitLab Importer	Affected by	VCID-nhny-8weg-7fam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml	37.0.0
2025-07-03T17:20:03.003458+00:00	GitLab Importer	Affected by	VCID-9v2s-tv6k-cbey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml	37.0.0
2025-07-03T17:20:02.688241+00:00	GitLab Importer	Affected by	VCID-x6ej-fw8q-3qd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml	37.0.0
2025-07-03T17:20:02.011665+00:00	GitLab Importer	Affected by	VCID-vvkj-4ywh-47cb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml	37.0.0
2025-07-03T17:20:01.700017+00:00	GitLab Importer	Affected by	VCID-g3hj-d52t-1bf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml	37.0.0
2025-07-01T18:10:47.561694+00:00	GitLab Importer	Fixing	VCID-y7ya-bf6z-g3bn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000078.yml	36.1.3
2025-07-01T18:10:47.494993+00:00	GitLab Importer	Fixing	VCID-npc6-7kwh-8ud9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000077.yml	36.1.3
2025-07-01T18:10:47.455575+00:00	GitLab Importer	Fixing	VCID-ej8g-bnsx-kfhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000076.yml	36.1.3
2025-07-01T18:10:47.437185+00:00	GitLab Importer	Fixing	VCID-gknp-a2p2-4ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000074.yml	36.1.3
2025-07-01T18:10:47.399160+00:00	GitLab Importer	Fixing	VCID-j53m-puxj-gbfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000073.yml	36.1.3
2025-07-01T18:10:47.240043+00:00	GitLab Importer	Fixing	VCID-xbwr-ubt1-57c6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000079.yml	36.1.3
2025-07-01T18:10:47.166876+00:00	GitLab Importer	Fixing	VCID-v446-d877-f3a3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2018-1000075.yml	36.1.3