Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 12:3 a.m.10 views

CVE-2022-29176

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...

9.9CVSS6.7AI score0.01845EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/05/10 5:53 a.m.76 views

Critical Gems Takeover Bug Reported in RubyGems Package Manager

The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace...

0.9AI score0.01845EPSS
Exploits0
Circl
Circl
added 2022/05/06 2:11 a.m.6 views

CVE-2022-29176

creationtimestamp| type| source ---|---|--- 2022-05-06 02:11:53+00:00| seen| https://t.me/cibsecurity/42066 2022-05-10 16:53:33+00:00| seen| https://t.me/BlueHatHackersCommunity/25...

9.9CVSS7.3AI score0.01845EPSS
Exploits0References2
CVE
CVE
added 2022/05/05 10:5 p.m.87 views

CVE-2022-29176

CVE-2022-29176 affects RubyGems.org via a yank-action bug that allowed an authorized-appearing gem name (containing a dash) to be removed or replaced with a rogue file when the gem was created within 30 days or had no updates for over 100 days. Multiple trusted sources (NVD, Red Hat, CVE list, an...

9.9CVSS7.7AI score0.01845EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/05 10:5 p.m.9 views

CVE-2022-29176 Unauthorized gem takeover for some gems on rubygems.org

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...

9.9CVSS9.4AI score0.01845EPSS
Exploits0References3
Rows per page
Query Builder