CRITICAL9.8CVE-2018-1000076RubyGems Improper Verification of Cryptographic Signature vulnerability >= 2.2.0, < 2.7.6
CRITICAL9.8CVE-2017-0903RubyGems vulnerable to Deserialization of Untrusted Data >= 2.0.0, < 2.6.14
from 0, < 2.6.13
HIGH8.8Code injection in RubyGems
>= 2.6.0, < 2.7.9
HIGH8.1RubyGems has Origin Validation Error vulnerability
from 0, < 2.6.13
HIGH7.8jruby - security update
from 0, < 2.7.6
HIGH7.5rubygems - security update
from 0, < 2.6.13
HIGH7.5jruby - security update
from 0, < 2.7.6
HIGH7.5RubyGems may allow a maliciously crafted gem to overwrite files
from 0, < 2.6.13
HIGH7.5jruby - security update
from 0, < 2.7.6
HIGH7.5RubyGems Escape sequence injection in errors
>= 2.6.0, < 2.7.9
HIGH7.5RubyGems Escape sequence injection vulnerability in verbose
>= 2.6.0, < 2.7.9
HIGH7.5RubyGems Escape sequence injection vulnerability in gem owner
>= 2.6.0, < 2.7.9
HIGH7.5RubyGems Escape sequence injection vulnerability in api response handling
>= 2.6.0, < 2.7.9
HIGH7.4ruby2.3 - security update
>= 2.7.6, < 2.7.9
MEDIUM6.1RubyGems Cross-site Scripting vulnerability
from 0, < 2.7.6
MEDIUM5.5RubyGems Path Traversal vulnerability
from 0, < 2.7.6
MEDIUM5.3RubyGems Improper Input Validation vulnerability
from 0, < 2.7.6
—RubyGems HTTPS to HTTP redirect
from 0, < 1.8.23
—RubyGems does not verify SSL certificate
from 0, < 1.8.23
—RubyGems Improper Input Validation vulnerability
from 0, < 2.0.17
—RubyGems Regular Expression Denial of Service
from 0, < 1.8.23.2
—RubyGems vulnerable to DNS hijack attack
>= 2.0.0, < 2.0.16
—RubyGems Regular Expression Denial of Service vulnerability
from 0, < 1.8.23.1
—RubyGems file overwrite vulnerability
from 0, < 0.9.1