Filtered by vendor Rubygems
Subscriptions
Filtered by product Rubygems
Subscriptions
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-3900 | 4 Oracle, Redhat, Ruby-lang and 1 more | 5 Solaris, Enterprise Linux, Rhel Software Collections and 2 more | 2024-11-21 | N/A |
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." | ||||
CVE-2013-4363 | 2 Ruby-lang, Rubygems | 2 Ruby, Rubygems | 2024-11-21 | N/A |
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287. | ||||
CVE-2013-4287 | 3 Redhat, Ruby-lang, Rubygems | 7 Enterprise Linux, Enterprise Mrg, Openshift and 4 more | 2024-11-21 | N/A |
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | ||||
CVE-2012-2126 | 3 Canonical, Redhat, Rubygems | 5 Ubuntu Linux, Enterprise Linux, Enterprise Mrg and 2 more | 2024-11-21 | N/A |
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | ||||
CVE-2012-2125 | 3 Canonical, Redhat, Rubygems | 5 Ubuntu Linux, Enterprise Linux, Enterprise Mrg and 2 more | 2024-11-21 | N/A |
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. |