rubygems

965 tracked vulnerabilities.

CVE-2017-11430 HIGH
omniauth/omniauth_saml < 1.9.0 - Authentication Bypass via SAML Signature Validation Flaw
Apr 17, 2019
CVSS 7.7
EPSS 0.02
CVE-2017-11428 HIGH
OneLogin ruby-saml < 1.6.0 - Authentication Bypass via SAML Signature Validation Flaw
Apr 17, 2019
CVSS 7.7
EPSS 0.03
CVE-2017-15412 HIGH
Redhat Enterprise Linux Desktop < 63.0.3239.84 - Use After Free
Aug 28, 2018
CVSS 8.8
EPSS 0.03
CVE-2017-2662 MEDIUM
Katello 3.4.5 - Improper Privilege Management via Hammer Repository ID
Aug 22, 2018
CVSS 4.3
EPSS 0.01
CVE-2017-18258 MEDIUM
libxml2 < 2.9.6 - Denial of Service via LZMA File Memory Consumption
Apr 08, 2018
CVSS 6.5
EPSS 0.03
CVE-2017-2667 HIGH
Hammer CLI < 0.10.0 - Improper Certificate Validation
Mar 12, 2018
CVSS 8.1
EPSS 0.01
CVE-2017-16229 MEDIUM
Ox gem 2.8.1 - Buffer Overflow
Feb 26, 2018
CVSS 5.5
EPSS 0.01
CVE-2017-10689 MEDIUM
Puppet < 5.3.4 and Puppet Enterprise < 2016.4.10 - Improper Privilege Management
Feb 09, 2018
CVSS 5.5
EPSS 0.00
CVE-2017-18076 HIGH
OmniAuth < 1.3.2 - Session Token Exposure via POST Parameter Storage
Jan 26, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-12097 MEDIUM
delayed_job_web 1.4 - Stored Cross-Site Scripting via Filter Functionality
Jan 19, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-12098 MEDIUM
rails_admin 1.2.0 - Stored Cross-Site Scripting via Add Filter Functionality
Jan 19, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-17718 MEDIUM
net-ldap < 0.16.0 - Improper Certificate Validation
Dec 17, 2017
CVSS 5.9
EPSS 0.01
CVE-2017-16355 MEDIUM
Phusion Passenger 5.1.10 - Info Disclosure
Dec 14, 2017
CVSS 4.7
EPSS 0.00
CVE-2017-10906 CRITICAL
Fluentd 0.12.29-0.12.40 - Escape Sequence Injection
Dec 08, 2017
CVSS 9.8
EPSS 0.05
CVE-2017-17042 HIGH
YARD < 0.9.11 - Path Traversal via Relative Path Handling
Nov 28, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-16932 HIGH
libxml2 < 2.9.5 - Denial of Service via Infinite Recursion in Parameter Entities
Nov 23, 2017
CVSS 7.5
EPSS 0.06
CVE-2017-1000248 CRITICAL
Redis-store <=v1.3.0 - Info Disclosure
Nov 17, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-0909 CRITICAL
Private_address_check <0.4.1 - SSRF
Nov 16, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-16833 MEDIUM
gemirro < 0.16.0 - Stored Cross-Site Scripting via Crafted JavaScript URL in Gemspec Homepage
Nov 15, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-0905 CRITICAL
Recurly Client Ruby Library <2.0.13-2.11.3 - SSRF
Nov 13, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-0904 HIGH
Private_address_check <0.4.0 - SSRF
Nov 13, 2017
CVSS 8.1
EPSS 0.02
CVE-2017-0889 CRITICAL
Paperclip 3.1.4-5.1.9 - Server-Side Request Forgery via UriAdapter
Nov 13, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-16792 MEDIUM
geminabox < 0.13.10 - Stored Cross-Site Scripting via Gemspec Homepage Value
Nov 13, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-16516 HIGH
yajl-ruby 1.3.0 - Memory Corruption
Nov 03, 2017
CVSS 7.5
EPSS 0.04
CVE-2017-15928 HIGH
OX < 2.8.1 - Improper Input Validation
Oct 27, 2017
CVSS 7.5
EPSS 0.02