Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2015-4020

Low priority
Not affected

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...

7 affected packages

jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby
libgems-ruby
ruby1.8
ruby1.9.1
ruby2.1
ruby2.2
rubygems
Show all 7 packages Show less packages

CVE-2015-3900

Low priority
Ignored

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...

8 affected packages

jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby
libgems-ruby
ruby1.8
ruby1.9.1
ruby2.1
ruby2.2
ruby2.3
rubygems
Show all 8 packages Show less packages

CVE-2007-0469

Unknown priority

Some fixes available 2 of 3

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service,...

1 affected package

libgems-ruby

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgems-ruby
Show less packages