Rubygems

rubygems

Vendor: Rubygems • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-3900 4Oracle RedhatRuby Lang+1 more 4Enterprise Linux RubyRubygems+1 more May 6, 2026 Jun 24, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains v...Show more RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."Show less
CVE-2013-4363 2Ruby Lang Rubygems 2Ruby Rubygems Apr 29, 2026 Oct 17, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1...Show more Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.Show less
CVE-2013-4287 3Redhat Ruby LangRubygems 3Enterprise Linux RubyRubygems Apr 29, 2026 Oct 17, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 throu...Show more Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.Show less
CVE-2012-2126 1Rubygems 1Rubygems Apr 29, 2026 Oct 1, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
CVE-2012-2125 1Rubygems 1Rubygems Apr 29, 2026 Oct 1, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Previous 12