Max CVSS 7.5 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-0902 6.8
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
09-10-2019 - 23:21 31-08-2017 - 20:29
CVE-2017-0901 6.4
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
09-10-2019 - 23:21 31-08-2017 - 20:29
CVE-2017-0899 7.5
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
09-10-2019 - 23:21 31-08-2017 - 20:29
CVE-2017-0900 5.0
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
13-05-2019 - 14:31 31-08-2017 - 20:29
Back to Top Mark selected
Back to Top