Search CVE reports
41 – 48 of 48 results
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...
7 affected packages
jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | — | — | — | — |
libgems-ruby | — | — | — | — |
ruby1.8 | — | — | — | — |
ruby1.9.1 | — | — | — | — |
ruby2.1 | — | — | — | — |
ruby2.2 | — | — | — | — |
rubygems | — | — | — | — |
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...
8 affected packages
jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | — | — | — | — |
libgems-ruby | — | — | — | — |
ruby1.8 | — | — | — | — |
ruby1.9.1 | — | — | — | — |
ruby2.1 | — | — | — | — |
ruby2.2 | — | — | — | — |
ruby2.3 | — | — | — | — |
rubygems | — | — | — | — |
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0...
3 affected packages
jruby, ruby1.9.1, rubygems
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | — | — | — | — |
ruby1.9.1 | — | — | — | — |
rubygems | — | — | — | — |
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0...
3 affected packages
jruby, ruby1.9.1, rubygems
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | — | — | — | — |
ruby1.9.1 | — | — | — | — |
rubygems | — | — | — | — |
Some fixes available 3 of 12
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an...
1 affected package
jruby
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | — | — | — | — |
Some fixes available 2 of 22
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
3 affected packages
jruby, ruby1.9.1, rubygems
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | Not affected | — | Not affected | Not affected |
ruby1.9.1 | Not in release | Not in release | Not in release | Not in release |
rubygems | Not affected | Not affected | Not in release | Not in release |
Some fixes available 2 of 20
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
3 affected packages
jruby, ruby1.9.1, rubygems
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | Not affected | — | Not affected | Not affected |
ruby1.9.1 | Not in release | Not in release | Not in release | Not in release |
rubygems | Not affected | Not affected | Not in release | Not in release |
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an...
1 affected package
jruby
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jruby | — | — | — | — |