Hackerone Rubygems
4 CVEs affecting Hackerone Rubygems. Latest disclosed: 2017-10-11. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-0903 | Critical | 9.8 | 2017-10-11 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can byp… |
| CVE-2017-0899 | Critical | 9.8 | 2017-08-31 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specifica… |
| CVE-2017-0902 | High | 8.1 | 2017-08-31 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and ins… |
| CVE-2017-0901 | High | 7.5 | 2017-08-31 | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesyst… |