VulnerableCode Package Details - pkg:gem/rubygems-update@2.1.5

Search for packages

Package details: pkg:gem/rubygems-update@2.1.5

Essentials
History (11)

purl	pkg:gem/rubygems-update@2.1.5

Next non-vulnerable version	3.0.3
Latest non-vulnerable version	3.0.3
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-9v2s-tv6k-cbey Aliases: CVE-2017-0899 GHSA-7gcp-2gmq-w3xh		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g3hj-d52t-1bf1 Aliases: CVE-2017-0902 GHSA-73w7-6w9g-gc8w		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nhny-8weg-7fam Aliases: CVE-2017-0903 GHSA-mqwr-4qf2-2hcv		2.6.14 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vvkj-4ywh-47cb Aliases: CVE-2017-0900 GHSA-p7f2-rr42-m9xm		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wve4-sjev-euge Aliases: CVE-2015-3900 GHSA-wp3j-rvfp-624h OSV-122162	RubyGems vulnerable to DNS hijack attack RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."	2.2.4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.7 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x6ej-fw8q-3qd9 Aliases: CVE-2017-0901 GHSA-pm9x-4392-2c2p		2.6.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zp1b-4nku-y7ht Aliases: CVE-2015-4020 GHSA-qv62-xfj6-32xm	RubyGems Improper Input Validation vulnerability RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.	2.2.5 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.8 Affected by 12 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-yx2m-uv31-37dv	RubyGems Regular Expression Denial of Service Algorithmic complexity vulnerability in `Gem::Version::ANCHORED_VERSION_PATTERN` in `lib/rubygems/version.rb` in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.	CVE-2013-4363 GHSA-9qvm-2vhf-q649

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-05T18:42:01.650873+00:00	GHSA Importer	Fixing	VCID-yx2m-uv31-37dv	https://github.com/advisories/GHSA-9qvm-2vhf-q649	37.0.0
2025-07-03T17:21:43.879268+00:00	GitLab Importer	Affected by	VCID-nhny-8weg-7fam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml	37.0.0
2025-07-03T17:20:02.957304+00:00	GitLab Importer	Affected by	VCID-9v2s-tv6k-cbey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml	37.0.0
2025-07-03T17:20:02.642075+00:00	GitLab Importer	Affected by	VCID-x6ej-fw8q-3qd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml	37.0.0
2025-07-03T17:20:01.967358+00:00	GitLab Importer	Affected by	VCID-vvkj-4ywh-47cb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml	37.0.0
2025-07-03T17:20:01.649145+00:00	GitLab Importer	Affected by	VCID-g3hj-d52t-1bf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml	37.0.0
2025-07-03T17:13:36.628150+00:00	GitLab Importer	Affected by	VCID-zp1b-4nku-y7ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml	37.0.0
2025-07-03T17:13:29.734597+00:00	GitLab Importer	Affected by	VCID-wve4-sjev-euge	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml	37.0.0
2025-07-03T14:30:59.898589+00:00	Ruby Importer	Affected by	VCID-zp1b-4nku-y7ht	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml	37.0.0
2025-07-03T14:30:58.751339+00:00	Ruby Importer	Affected by	VCID-wve4-sjev-euge	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml	37.0.0
2025-07-01T12:29:58.490607+00:00	GithubOSV Importer	Fixing	VCID-yx2m-uv31-37dv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9qvm-2vhf-q649/GHSA-9qvm-2vhf-q649.json	36.1.3