Search for packages
Package details: pkg:maven/org.jruby/jruby-stdlib@1.7.1
purl pkg:maven/org.jruby/jruby-stdlib@1.7.1
Next non-vulnerable version 9.1.16.0
Latest non-vulnerable version 9.1.16.0
Risk 4.5
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-ej8g-bnsx-kfhv
Aliases:
CVE-2018-1000076
GHSA-mc6j-h948-v2p6
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-gknp-a2p2-4ucm
Aliases:
CVE-2018-1000074
GHSA-qj2w-mw2r-pv39
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-j53m-puxj-gbfb
Aliases:
CVE-2018-1000073
GHSA-gx69-6cp4-hxrj
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-npc6-7kwh-8ud9
Aliases:
CVE-2018-1000077
GHSA-gv86-43rv-79m2
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-v446-d877-f3a3
Aliases:
CVE-2018-1000075
GHSA-74pv-v9gh-h25p
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-xbwr-ubt1-57c6
Aliases:
CVE-2018-1000079
GHSA-8qxg-mff5-j3wc
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
VCID-y7ya-bf6z-g3bn
Aliases:
CVE-2018-1000078
GHSA-87qx-g5wg-mwmj
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.
9.1.16.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T18:18:25.777642+00:00 GitLab Importer Affected by VCID-xbwr-ubt1-57c6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000079.yml 37.0.0
2025-07-03T18:18:06.052811+00:00 GitLab Importer Affected by VCID-y7ya-bf6z-g3bn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000078.yml 37.0.0
2025-07-03T18:18:00.699361+00:00 GitLab Importer Affected by VCID-npc6-7kwh-8ud9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000077.yml 37.0.0
2025-07-03T18:17:53.881413+00:00 GitLab Importer Affected by VCID-gknp-a2p2-4ucm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000074.yml 37.0.0
2025-07-03T18:17:51.657683+00:00 GitLab Importer Affected by VCID-ej8g-bnsx-kfhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000076.yml 37.0.0
2025-07-03T18:16:35.064732+00:00 GitLab Importer Affected by VCID-v446-d877-f3a3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000075.yml 37.0.0
2025-07-03T18:16:08.949141+00:00 GitLab Importer Affected by VCID-j53m-puxj-gbfb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby-stdlib/CVE-2018-1000073.yml 37.0.0