Package details: pkg:gem/rubygems-update@2.2.0
purl pkg:gem/rubygems-update@2.2.0
Next non-vulnerable version 3.0.3
Latest non-vulnerable version 3.0.3
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-9v2s-tv6k-cbey
Aliases:
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh
2.6.13
Affected by 6 other vulnerabilities.
VCID-ej8g-bnsx-kfhv
Aliases:
CVE-2018-1000076
GHSA-mc6j-h948-v2p6
RubyGems versions in the Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422, contain an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. This vulnerability appears to have been fixed in 2.7.6.
2.5.1
Affected by 5 other vulnerabilities.
2.7.6
Affected by 6 other vulnerabilities.
VCID-g3hj-d52t-1bf1
Aliases:
CVE-2017-0902
GHSA-73w7-6w9g-gc8w
2.6.13
Affected by 6 other vulnerabilities.
VCID-nhny-8weg-7fam
Aliases:
CVE-2017-0903
GHSA-mqwr-4qf2-2hcv
2.6.14
Affected by 5 other vulnerabilities.
VCID-vvkj-4ywh-47cb
Aliases:
CVE-2017-0900
GHSA-p7f2-rr42-m9xm
2.6.13
Affected by 6 other vulnerabilities.
VCID-wve4-sjev-euge
Aliases:
CVE-2015-3900
GHSA-wp3j-rvfp-624h
OSV-122162
RubyGems vulnerable to DNS hijack attack: RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
2.2.4
Affected by 7 other vulnerabilities.
2.4.7
Affected by 13 other vulnerabilities.
VCID-x6ej-fw8q-3qd9
Aliases:
CVE-2017-0901
GHSA-pm9x-4392-2c2p
2.6.13
Affected by 6 other vulnerabilities.
VCID-zp1b-4nku-y7ht
Aliases:
CVE-2015-4020
GHSA-qv62-xfj6-32xm
RubyGems Improper Input Validation vulnerability: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.
2.2.5
Affected by 7 other vulnerabilities.
2.4.8
Affected by 12 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-05T18:41:34.430235+00:00 GHSA Importer Affected by VCID-wve4-sjev-euge https://github.com/advisories/GHSA-wp3j-rvfp-624h 37.0.0
2025-07-05T18:41:32.095286+00:00 GHSA Importer Affected by VCID-ej8g-bnsx-kfhv https://github.com/advisories/GHSA-mc6j-h948-v2p6 37.0.0
2025-07-03T17:21:43.892744+00:00 GitLab Importer Affected by VCID-nhny-8weg-7fam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0903.yml 37.0.0
2025-07-03T17:20:02.971241+00:00 GitLab Importer Affected by VCID-9v2s-tv6k-cbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 37.0.0
2025-07-03T17:20:02.656233+00:00 GitLab Importer Affected by VCID-x6ej-fw8q-3qd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 37.0.0
2025-07-03T17:20:01.981690+00:00 GitLab Importer Affected by VCID-vvkj-4ywh-47cb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 37.0.0
2025-07-03T17:20:01.665509+00:00 GitLab Importer Affected by VCID-g3hj-d52t-1bf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 37.0.0
2025-07-03T17:13:36.643898+00:00 GitLab Importer Affected by VCID-zp1b-4nku-y7ht https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 37.0.0
2025-07-03T17:13:29.750258+00:00 GitLab Importer Affected by VCID-wve4-sjev-euge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 37.0.0
2025-07-03T14:30:59.916268+00:00 Ruby Importer Affected by VCID-zp1b-4nku-y7ht https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 37.0.0
2025-07-03T14:30:58.775499+00:00 Ruby Importer Affected by VCID-wve4-sjev-euge https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 37.0.0
2025-07-01T16:58:26.938648+00:00 Ruby Importer Affected by VCID-ej8g-bnsx-kfhv https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2018-1000076.yml 36.1.3