Rubygems Rubygems.org
6 CVEs affecting Rubygems Rubygems.org. Latest disclosed: 2024-05-29. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-29176 | Critical | 9.9 | 2022-05-05 | Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org u… |
| CVE-2022-36073 | High | 8.3 | 2022-09-07 | RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's emai… |
| CVE-2022-29218 | High | 7.7 | 2022-05-13 | RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some g… |
| CVE-2023-40165 | High | 7.4 | 2023-08-17 | rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem… |
| CVE-2024-21654 | Medium | 4.8 | 2024-01-12 | Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of… |
| CVE-2024-35221 | Medium | 4.3 | 2024-05-29 | Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manif… |