Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / rubygems

rubygems

954 tracked vulnerabilities.

CVE-2017-17718 MEDIUM

net-ldap < 0.16.0 - Improper Certificate Validation

CVE-2017-16355 MEDIUM

Phusion Passenger 5.1.10 - Info Disclosure

CVE-2017-10906 CRITICAL

Fluentd 0.12.29-0.12.40 - Escape Sequence Injection

CVE-2017-17042 HIGH

YARD < 0.9.11 - Path Traversal via Relative Path Handling

CVE-2017-16932 HIGH

libxml2 < 2.9.5 - Denial of Service via Infinite Recursion in Parameter Entities

CVE-2017-1000248 CRITICAL

Redis-store <=v1.3.0 - Info Disclosure

CVE-2017-0909 CRITICAL

Private_address_check <0.4.1 - SSRF

CVE-2017-16833 MEDIUM

gemirro < 0.16.0 - Stored Cross-Site Scripting via Crafted JavaScript URL in Gemspec Homepage

CVE-2017-0905 CRITICAL

Recurly Client Ruby Library <2.0.13-2.11.3 - SSRF

CVE-2017-0904 HIGH

Private_address_check <0.4.0 - SSRF

CVE-2017-0889 CRITICAL

Paperclip 3.1.4-5.1.9 - Server-Side Request Forgery via UriAdapter

CVE-2017-16792 MEDIUM

geminabox < 0.13.10 - Stored Cross-Site Scripting via Gemspec Homepage Value

CVE-2017-16516 HIGH

yajl-ruby 1.3.0 - Memory Corruption

CVE-2017-15928 HIGH

OX < 2.8.1 - Improper Input Validation

CVE-2017-15364 MEDIUM

Ccsv - Use-After-Free in foreach Function

CVE-2017-0903 CRITICAL

RubyGems 2.0.0-2.6.13 - Remote Code Execution via YAML Deserialization

CVE-2017-14683 HIGH

geminabox < 0.13.7 - Cross-Site Request Forgery via Unintended Gem Upload

CVE-2017-14506 MEDIUM

geminabox < 0.13.6 - Cross-Site Scripting via Crafted Gem Homepage Value

CVE-2017-14033 HIGH

Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Denial of Service via OpenSSL::ASN1 Decode Method

CVE-2017-10784 HIGH

Ruby < 2.2.8, 2.3.x < 2.3.5, 2.4.x <= 2.4.1 - Command Injection via WEBrick Basic Authentication

CVE-2017-0902 HIGH

RubyGems < 2.6.12 - DNS Hijacking via MITM Attack

CVE-2017-0901 HIGH

RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass

CVE-2017-0900 HIGH

RubyGems < 2.6.12 - Denial of Service via Malicious Gem Specification

CVE-2017-0899 CRITICAL

RubyGems < 2.6.13 - Terminal Escape Sequence Injection via Gem Specification

CVE-2017-7540 CRITICAL

rubygem-safemode <1.3.2 - Privilege Escalation

Previous Page 26 of 39 Next

Products

actionpack 63 rack 50 nokogiri 34 rubygems 25 rubygems-update 25 activerecord 23 puppet 23 activesupport 17 publify_core 15 passenger 14 rails-html-sanitizer 14 actionview 13 decidim 12 puma 12 camaleon_cms 11 fat_free_crm 11 rails 11 activestorage 10 ruby-saml 10 jquery-rails 9 openc3 8 rexml 8 bootstrap 7 bootstrap-sass 7 jquery-ui-rails 7 katello 7 lodash-rails 7 net-imap 7 spree 7 avo 6

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy