Search for packages
| purl | pkg:gem/rubygems-update@1.8.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9v2s-tv6k-cbey
Aliases: CVE-2017-0899 GHSA-7gcp-2gmq-w3xh |
Affected by 6 other vulnerabilities. |
|
|
VCID-f3xk-egvm-nfdc
Aliases: CVE-2012-2126 GHSA-5mgj-mvv8-46mw OSV-81444 |
Affected by 8 other vulnerabilities. |
|
|
VCID-g3hj-d52t-1bf1
Aliases: CVE-2017-0902 GHSA-73w7-6w9g-gc8w |
Affected by 6 other vulnerabilities. |
|
|
VCID-jnnf-mtej-ykgp
Aliases: CVE-2012-2125 GHSA-228f-g3h7-3fj3 OSV-85809 |
Affected by 8 other vulnerabilities. |
|
|
VCID-vvkj-4ywh-47cb
Aliases: CVE-2017-0900 GHSA-p7f2-rr42-m9xm |
Affected by 6 other vulnerabilities. |
|
|
VCID-w37m-8kzy-kydq
Aliases: CVE-2013-4287 GHSA-9j7m-rjqx-48vh OSV-97163 |
RubyGems Regular Expression Denial of Service vulnerability Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in `lib/rubygems/version.rb` in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. |
Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-wve4-sjev-euge
Aliases: CVE-2015-3900 GHSA-wp3j-rvfp-624h OSV-122162 |
RubyGems vulnerable to DNS hijack attack RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." |
Affected by 7 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-x6ej-fw8q-3qd9
Aliases: CVE-2017-0901 GHSA-pm9x-4392-2c2p |
Affected by 6 other vulnerabilities. |
|
|
VCID-yx2m-uv31-37dv
Aliases: CVE-2013-4363 GHSA-9qvm-2vhf-q649 |
RubyGems Regular Expression Denial of Service Algorithmic complexity vulnerability in `Gem::Version::ANCHORED_VERSION_PATTERN` in `lib/rubygems/version.rb` in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287. |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-zp1b-4nku-y7ht
Aliases: CVE-2015-4020 GHSA-qv62-xfj6-32xm |
RubyGems Improper Input Validation vulnerability RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900. |
Affected by 7 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||