1. CVE-Search
  2. CVE-2018-1000074
ID CVE-2018-1000074
Summary RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.
References
Vulnerable Configurations
  • cpe:2.3:a:rubygems:rubygems:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3a:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3b:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.3b:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.40.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.40.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.23:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.23:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.27:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.27:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.28:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.28:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.29:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.29:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.30:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.30:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.5.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 20-05-2019 - 13:29)
Impact:
Exploitability:
CWE CWE-502
CAPEC
  • Object Injection
    An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:3729
  • rhsa
    id RHSA-2018:3730
  • rhsa
    id RHSA-2018:3731
  • rhsa
    id RHSA-2019:2028
  • rhsa
    id RHSA-2020:0542
  • rhsa
    id RHSA-2020:0591
  • rhsa
    id RHSA-2020:0663
rpms
  • rh-ruby23-ruby-0:2.3.8-69.el6
  • rh-ruby23-ruby-0:2.3.8-69.el7
  • rh-ruby23-ruby-debuginfo-0:2.3.8-69.el6
  • rh-ruby23-ruby-debuginfo-0:2.3.8-69.el7
  • rh-ruby23-ruby-devel-0:2.3.8-69.el6
  • rh-ruby23-ruby-devel-0:2.3.8-69.el7
  • rh-ruby23-ruby-doc-0:2.3.8-69.el6
  • rh-ruby23-ruby-doc-0:2.3.8-69.el7
  • rh-ruby23-ruby-irb-0:2.3.8-69.el6
  • rh-ruby23-ruby-irb-0:2.3.8-69.el7
  • rh-ruby23-ruby-libs-0:2.3.8-69.el6
  • rh-ruby23-ruby-libs-0:2.3.8-69.el7
  • rh-ruby23-ruby-tcltk-0:2.3.8-69.el6
  • rh-ruby23-ruby-tcltk-0:2.3.8-69.el7
  • rh-ruby23-rubygem-bigdecimal-0:1.2.8-69.el6
  • rh-ruby23-rubygem-bigdecimal-0:1.2.8-69.el7
  • rh-ruby23-rubygem-did_you_mean-0:1.0.0-69.el6
  • rh-ruby23-rubygem-did_you_mean-0:1.0.0-69.el7
  • rh-ruby23-rubygem-io-console-0:0.4.5-69.el6
  • rh-ruby23-rubygem-io-console-0:0.4.5-69.el7
  • rh-ruby23-rubygem-json-0:1.8.3.1-69.el6
  • rh-ruby23-rubygem-json-0:1.8.3.1-69.el7
  • rh-ruby23-rubygem-minitest-0:5.8.5-69.el6
  • rh-ruby23-rubygem-minitest-0:5.8.5-69.el7
  • rh-ruby23-rubygem-net-telnet-0:0.1.1-69.el6
  • rh-ruby23-rubygem-net-telnet-0:0.1.1-69.el7
  • rh-ruby23-rubygem-power_assert-0:0.2.6-69.el6
  • rh-ruby23-rubygem-power_assert-0:0.2.6-69.el7
  • rh-ruby23-rubygem-psych-0:2.1.0.1-69.el6
  • rh-ruby23-rubygem-psych-0:2.1.0.1-69.el7
  • rh-ruby23-rubygem-rake-0:10.4.2-69.el6
  • rh-ruby23-rubygem-rake-0:10.4.2-69.el7
  • rh-ruby23-rubygem-rdoc-0:4.2.1-69.el6
  • rh-ruby23-rubygem-rdoc-0:4.2.1-69.el7
  • rh-ruby23-rubygem-test-unit-0:3.1.5-69.el6
  • rh-ruby23-rubygem-test-unit-0:3.1.5-69.el7
  • rh-ruby23-rubygems-0:2.5.2.3-69.el6
  • rh-ruby23-rubygems-0:2.5.2.3-69.el7
  • rh-ruby23-rubygems-devel-0:2.5.2.3-69.el6
  • rh-ruby23-rubygems-devel-0:2.5.2.3-69.el7
  • rh-ruby24-ruby-0:2.4.5-91.el6
  • rh-ruby24-ruby-0:2.4.5-91.el7
  • rh-ruby24-ruby-debuginfo-0:2.4.5-91.el6
  • rh-ruby24-ruby-debuginfo-0:2.4.5-91.el7
  • rh-ruby24-ruby-devel-0:2.4.5-91.el6
  • rh-ruby24-ruby-devel-0:2.4.5-91.el7
  • rh-ruby24-ruby-doc-0:2.4.5-91.el6
  • rh-ruby24-ruby-doc-0:2.4.5-91.el7
  • rh-ruby24-ruby-irb-0:2.4.5-91.el6
  • rh-ruby24-ruby-irb-0:2.4.5-91.el7
  • rh-ruby24-ruby-libs-0:2.4.5-91.el6
  • rh-ruby24-ruby-libs-0:2.4.5-91.el7
  • rh-ruby24-rubygem-bigdecimal-0:1.3.2-91.el6
  • rh-ruby24-rubygem-bigdecimal-0:1.3.2-91.el7
  • rh-ruby24-rubygem-did_you_mean-0:1.1.0-91.el6
  • rh-ruby24-rubygem-did_you_mean-0:1.1.0-91.el7
  • rh-ruby24-rubygem-io-console-0:0.4.6-91.el6
  • rh-ruby24-rubygem-io-console-0:0.4.6-91.el7
  • rh-ruby24-rubygem-json-0:2.0.4-91.el6
  • rh-ruby24-rubygem-json-0:2.0.4-91.el7
  • rh-ruby24-rubygem-minitest-0:5.10.1-91.el6
  • rh-ruby24-rubygem-minitest-0:5.10.1-91.el7
  • rh-ruby24-rubygem-net-telnet-0:0.1.1-91.el6
  • rh-ruby24-rubygem-net-telnet-0:0.1.1-91.el7
  • rh-ruby24-rubygem-openssl-0:2.0.9-91.el6
  • rh-ruby24-rubygem-openssl-0:2.0.9-91.el7
  • rh-ruby24-rubygem-power_assert-0:0.4.1-91.el6
  • rh-ruby24-rubygem-power_assert-0:0.4.1-91.el7
  • rh-ruby24-rubygem-psych-0:2.2.2-91.el6
  • rh-ruby24-rubygem-psych-0:2.2.2-91.el7
  • rh-ruby24-rubygem-rake-0:12.0.0-91.el6
  • rh-ruby24-rubygem-rake-0:12.0.0-91.el7
  • rh-ruby24-rubygem-rdoc-0:5.0.0-91.el6
  • rh-ruby24-rubygem-rdoc-0:5.0.0-91.el7
  • rh-ruby24-rubygem-test-unit-0:3.2.3-91.el6
  • rh-ruby24-rubygem-test-unit-0:3.2.3-91.el7
  • rh-ruby24-rubygem-xmlrpc-0:0.2.1-91.el6
  • rh-ruby24-rubygem-xmlrpc-0:0.2.1-91.el7
  • rh-ruby24-rubygems-0:2.6.14.3-91.el6
  • rh-ruby24-rubygems-0:2.6.14.3-91.el7
  • rh-ruby24-rubygems-devel-0:2.6.14.3-91.el6
  • rh-ruby24-rubygems-devel-0:2.6.14.3-91.el7
  • rh-ruby25-ruby-0:2.5.3-6.el7
  • rh-ruby25-ruby-debuginfo-0:2.5.3-6.el7
  • rh-ruby25-ruby-devel-0:2.5.3-6.el7
  • rh-ruby25-ruby-doc-0:2.5.3-6.el7
  • rh-ruby25-ruby-irb-0:2.5.3-6.el7
  • rh-ruby25-ruby-libs-0:2.5.3-6.el7
  • rh-ruby25-rubygem-bigdecimal-0:1.3.4-6.el7
  • rh-ruby25-rubygem-did_you_mean-0:1.2.0-6.el7
  • rh-ruby25-rubygem-io-console-0:0.4.6-6.el7
  • rh-ruby25-rubygem-json-0:2.1.0-6.el7
  • rh-ruby25-rubygem-minitest-0:5.10.3-6.el7
  • rh-ruby25-rubygem-net-telnet-0:0.1.1-6.el7
  • rh-ruby25-rubygem-openssl-0:2.1.2-6.el7
  • rh-ruby25-rubygem-power_assert-0:1.1.1-6.el7
  • rh-ruby25-rubygem-psych-0:3.0.2-6.el7
  • rh-ruby25-rubygem-rake-0:12.3.0-6.el7
  • rh-ruby25-rubygem-rdoc-0:6.0.1-6.el7
  • rh-ruby25-rubygem-test-unit-0:3.2.7-6.el7
  • rh-ruby25-rubygem-xmlrpc-0:0.3.0-6.el7
  • rh-ruby25-rubygems-0:2.7.6-6.el7
  • rh-ruby25-rubygems-devel-0:2.7.6-6.el7
  • ruby-0:2.0.0.648-36.el7
  • ruby-debuginfo-0:2.0.0.648-36.el7
  • ruby-devel-0:2.0.0.648-36.el7
  • ruby-doc-0:2.0.0.648-36.el7
  • ruby-irb-0:2.0.0.648-36.el7
  • ruby-libs-0:2.0.0.648-36.el7
  • ruby-tcltk-0:2.0.0.648-36.el7
  • rubygem-bigdecimal-0:1.2.0-36.el7
  • rubygem-io-console-0:0.4.2-36.el7
  • rubygem-json-0:1.7.7-36.el7
  • rubygem-minitest-0:4.3.2-36.el7
  • rubygem-psych-0:2.0.0-36.el7
  • rubygem-rake-0:0.9.6-36.el7
  • rubygem-rdoc-0:4.0.0-36.el7
  • rubygems-0:2.0.14.1-36.el7
  • rubygems-devel-0:2.0.14.1-36.el7
  • ruby-0:2.0.0.648-35.el7_5
  • ruby-debuginfo-0:2.0.0.648-35.el7_5
  • ruby-devel-0:2.0.0.648-35.el7_5
  • ruby-doc-0:2.0.0.648-35.el7_5
  • ruby-irb-0:2.0.0.648-35.el7_5
  • ruby-libs-0:2.0.0.648-35.el7_5
  • ruby-tcltk-0:2.0.0.648-35.el7_5
  • rubygem-bigdecimal-0:1.2.0-35.el7_5
  • rubygem-io-console-0:0.4.2-35.el7_5
  • rubygem-json-0:1.7.7-35.el7_5
  • rubygem-minitest-0:4.3.2-35.el7_5
  • rubygem-psych-0:2.0.0-35.el7_5
  • rubygem-rake-0:0.9.6-35.el7_5
  • rubygem-rdoc-0:4.0.0-35.el7_5
  • rubygems-0:2.0.14.1-35.el7_5
  • rubygems-devel-0:2.0.14.1-35.el7_5
  • ruby-0:2.0.0.648-35.el7_4
  • ruby-debuginfo-0:2.0.0.648-35.el7_4
  • ruby-devel-0:2.0.0.648-35.el7_4
  • ruby-doc-0:2.0.0.648-35.el7_4
  • ruby-irb-0:2.0.0.648-35.el7_4
  • ruby-libs-0:2.0.0.648-35.el7_4
  • ruby-tcltk-0:2.0.0.648-35.el7_4
  • rubygem-bigdecimal-0:1.2.0-35.el7_4
  • rubygem-io-console-0:0.4.2-35.el7_4
  • rubygem-json-0:1.7.7-35.el7_4
  • rubygem-minitest-0:4.3.2-35.el7_4
  • rubygem-psych-0:2.0.0-35.el7_4
  • rubygem-rake-0:0.9.6-35.el7_4
  • rubygem-rdoc-0:4.0.0-35.el7_4
  • rubygems-0:2.0.14.1-35.el7_4
  • rubygems-devel-0:2.0.14.1-35.el7_4
  • ruby-0:2.0.0.648-36.el7_6
  • ruby-debuginfo-0:2.0.0.648-36.el7_6
  • ruby-devel-0:2.0.0.648-36.el7_6
  • ruby-doc-0:2.0.0.648-36.el7_6
  • ruby-irb-0:2.0.0.648-36.el7_6
  • ruby-libs-0:2.0.0.648-36.el7_6
  • ruby-tcltk-0:2.0.0.648-36.el7_6
  • rubygem-bigdecimal-0:1.2.0-36.el7_6
  • rubygem-io-console-0:0.4.2-36.el7_6
  • rubygem-json-0:1.7.7-36.el7_6
  • rubygem-minitest-0:4.3.2-36.el7_6
  • rubygem-psych-0:2.0.0-36.el7_6
  • rubygem-rake-0:0.9.6-36.el7_6
  • rubygem-rdoc-0:4.0.0-36.el7_6
  • rubygems-0:2.0.14.1-36.el7_6
  • rubygems-devel-0:2.0.14.1-36.el7_6
refmap via4
debian
  • DSA-4219
  • DSA-4259
misc
mlist
  • [debian-lts-announce] 20180417 [SECURITY] [DLA 1352-1] jruby security update
  • [debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update
  • [debian-lts-announce] 20190520 [SECURITY] [DLA 1796-1] jruby security update
suse openSUSE-SU-2019:1771
ubuntu
  • USN-3621-1
  • USN-3621-2
  • USN-3685-1
Last major update 20-05-2019 - 13:29
Published 13-03-2018 - 15:29
Last modified 20-05-2019 - 13:29
Back to Top