rubygems
954 tracked vulnerabilities.
CVE-2018-1000079
MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal via Malicious Gem Installation
Mar 13, 2018
CVSS 5.5
EPSS 0.00
CVE-2018-1000078
MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Cross-Site Scripting in Gem Server Homepage Display
Mar 13, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-1000077
MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Improper Input Validation in Gem Specification Homepage Attribute
Mar 13, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-1000076
CRITICAL
RubyGems <2.7.6 - Improper Verification of Cryptographic Signature
Mar 13, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-1000075
HIGH
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Infinite Loop via Negative Size in Tar Header
Mar 13, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-1000074
HIGH
RubyGems <2.7.6 - Deserialization of Untrusted Data
Mar 13, 2018
CVSS 7.8
EPSS 0.01
CVE-2018-1000073
HIGH
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal in install_location Function
Mar 13, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-1000119
MEDIUM
Sinatra rack-protection <1.5.5, <2.0.0 - CSRF
Mar 07, 2018
CVSS 5.9
EPSS 0.00
CVE-2018-7261
MEDIUM
Radiant CMS 1.1.4 - Stored Cross-Site Scripting in Personal Preferences and Configuration
Feb 21, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-7212
MEDIUM
sinatra 2.x < 2.0.1 - Path Traversal via Backslash Characters
Feb 18, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-1000060
CRITICAL
Sensu Core <1.2.0 - Info Disclosure
Feb 09, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-5216
MEDIUM
Radiant CMS 1.1.4 - Stored Cross-Site Scripting via Markdown Input in Page Editor
Jan 04, 2018
CVSS 5.4
EPSS 0.00
CVE-2017-20159
LOW
Keynote < 1.0.0 - Cross-Site Scripting in rumble.rb
Dec 31, 2022
CVSS 3.5
EPSS 0.00
CVE-2017-1002201
MEDIUM
Haml <5.0.0.beta.2 - Code Injection
Oct 15, 2019
CVSS 6.1
EPSS 0.01
CVE-2017-11430
HIGH
omniauth/omniauth_saml < 1.9.0 - Authentication Bypass via SAML Signature Validation Flaw
Apr 17, 2019
CVSS 7.7
EPSS 0.00
CVE-2017-11428
HIGH
OneLogin ruby-saml < 1.6.0 - Authentication Bypass via SAML Signature Validation Flaw
Apr 17, 2019
CVSS 7.7
EPSS 0.01
CVE-2017-15412
HIGH
Redhat Enterprise Linux Desktop < 63.0.3239.84 - Use After Free
Aug 28, 2018
CVSS 8.8
EPSS 0.03
CVE-2017-2662
MEDIUM
Katello 3.4.5 - Improper Privilege Management via Hammer Repository ID
Aug 22, 2018
CVSS 4.3
EPSS 0.00
CVE-2017-18258
MEDIUM
libxml2 < 2.9.6 - Denial of Service via LZMA File Memory Consumption
Apr 08, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-2667
HIGH
Hammer CLI < 0.10.0 - Improper Certificate Validation
Mar 12, 2018
CVSS 8.1
EPSS 0.00
CVE-2017-16229
MEDIUM
Ox gem 2.8.1 - Buffer Overflow
Feb 26, 2018
CVSS 5.5
EPSS 0.00
CVE-2017-10689
MEDIUM
Puppet < 5.3.4 and Puppet Enterprise < 2016.4.10 - Improper Privilege Management
Feb 09, 2018
CVSS 5.5
EPSS 0.00
CVE-2017-18076
HIGH
OmniAuth < 1.3.2 - Session Token Exposure via POST Parameter Storage
Jan 26, 2018
CVSS 7.5
EPSS 0.00
CVE-2017-12097
MEDIUM
delayed_job_web 1.4 - Stored Cross-Site Scripting via Filter Functionality
Jan 19, 2018
CVSS 6.1
EPSS 0.00
CVE-2017-12098
MEDIUM
rails_admin 1.2.0 - Stored Cross-Site Scripting via Add Filter Functionality
Jan 19, 2018
CVSS 6.1
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6