2157 matches found
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in the Rack RubyGem, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...
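The entry above describes the failure mode in one sentence: traversal sequences that arrive percent-encoded (or double-encoded) are not treated as traversal. The following is an added example, not Rack's code and not the fix the advisory refers to. It shows the check a static file handler needs: decode until the path stops changing, refuse any ".." segment outright, and confirm the resolved real path still lives under the root so a symlink cannot walk out either. The SafeStatic module, its method names and the temporary file tree are all constructed for this illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (added example, not Rack's own code). Resolves a request
# path against a static root and refuses anything that would escape the root,
# including percent-encoded and double-encoded traversal such as
# "%2e%2e/" and "%252e%252e/".
module SafeStatic
  MAX_DECODE_ROUNDS = 3

  # Percent-decode until the string stops changing (bounded), so ".." cannot
  # be hidden behind several layers of encoding. Works on a binary copy so
  # decoded high bytes never raise an encoding error.
  def self.fully_decode(path)
    path = path.b
    MAX_DECODE_ROUNDS.times do
      decoded = path.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
      return decoded if decoded == path
      path = decoded
    end
    path
  end

  # Lexical cleanup: drop empty and "." segments, refuse NUL bytes and
  # backslashes, and reject any ".." segment instead of trying to collapse it.
  # Returns nil when the request is rejected.
  def self.clean_segments(decoded)
    return nil if decoded.include?("\0") || decoded.include?("\\")
    segments = decoded.split("/")
    return nil if segments.any? { |s| s == ".." }
    segments.reject { |s| s.empty? || s == "." }
  end

  # Returns the absolute path of the file to serve, or nil if rejected. The
  # File.realpath comparison catches symlinks pointing outside the root,
  # which a purely lexical check cannot see.
  def self.resolve(root, request_path)
    root = File.realpath(root)
    segments = clean_segments(fully_decode(request_path))
    return nil if segments.nil?
    candidate = File.join(root, *segments)
    return nil unless File.file?(candidate)
    real = File.realpath(candidate)
    real.start_with?(root + File::SEPARATOR) ? real : nil
  end

  # Builds a throwaway tree (constructed sample data) and reports, per request
  # path, whether it would be served (true) or refused (false).
  def self.demo
    Dir.mktmpdir do |base|
      public_dir = File.join(base, "public")
      FileUtils.mkdir_p(File.join(public_dir, "css"))
      File.write(File.join(public_dir, "css", "site.css"), "body{}")
      File.write(File.join(base, "secret.txt"), "outside the web root")
      begin
        File.symlink(File.join(base, "secret.txt"), File.join(public_dir, "link"))
      rescue NotImplementedError
        # platforms without symlinks: "/link" simply does not exist
      end

      requests = [
        "/css/site.css",
        "/css/../../secret.txt",
        "/css/%2e%2e/%2e%2e/secret.txt",
        "/css/%252e%252e/%252e%252e/secret.txt",
        "/link",
      ]
      requests.to_h { |r| [r, !resolve(public_dir, r).nil?] }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  SafeStatic.demo.each { |req, served| puts "#{served ? 'SERVE ' : 'REJECT'} #{req}" }
end
```

Rejecting ".." outright rather than normalising it is deliberate: a static handler has no legitimate reason to serve a path that mentions the parent directory, and refusing is simpler to reason about than collapsing segments correctly under every encoding.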
MAL-2025-3021 Malicious code in evenote-thrift (RubyGems)
Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.1 Vulnerability Details CVEID: CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when using DNS forwarders. An attacker could exploit this...
MAL-2025-2209 Malicious code in poc-by-shahwar (RubyGems)
Source: ossf-package-analysis 6381347b8b3c6e2f8f2d7aa1b39647e7f7444e10122cd821b80ae6b3d05c5a7e The OpenSSF Package Analysis project identified 'poc-by-shahwar' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The packag...
MAL-2025-2210 Malicious code in poc-genrateed-by-noob (RubyGems)
Source: ossf-package-analysis 2adff977f2503f0afe5fb20e3154fa4f8c9a3d0fa5dc7a96613fb5b9434673b4 The OpenSSF Package Analysis project identified 'poc-genrateed-by-noob' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-2208 Malicious code in evil_gem (RubyGems)
Source: ossf-package-analysis e1cbacc9bc6d36bcde7b6cb93df89df1fae5c8f70a841dc916a8ba6cdad2ff95 The OpenSSF Package Analysis project identified 'evil_gem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...
Linux Distros Unpatched Vulnerability : CVE-2019-8325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is...
Linux Distros Unpatched Vulnerability : CVE-2018-1000074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2018-1000073
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2018-1000075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2017-0900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who hav...
Linux Distros Unpatched Vulnerability : CVE-2017-0901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesyste...
Linux Distros Unpatched Vulnerability : CVE-2019-8323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, ...
Linux Distros Unpatched Vulnerability : CVE-2019-8322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, i...
Linux Distros Unpatched Vulnerability : CVE-2017-0902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and...
Linux Distros Unpatched Vulnerability : CVE-2018-1000077
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2018-1000078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2018-1000079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
Linux Distros Unpatched Vulnerability : CVE-2017-0899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem...
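Four of the RubyGems entries above (CVE-2017-0899, CVE-2019-8322, CVE-2019-8323 and CVE-2019-8325) share one root cause: text an attacker controls, whether a gem specification field or a gem server's API response, is written to the terminal unescaped, so it can carry ANSI escape sequences that clear the screen, recolour output, or retitle the window to mislead the operator. The following is an added example, not RubyGems' code and not the fix that shipped. It shows a sanitiser a CLI can run over untrusted text before printing it: CSI and OSC sequences are removed whole, any stray ESC and other C0 control characters are dropped, and only newline and tab survive. The TerminalSafe module, its method names and the sample strings are constructed for this illustration.

```ruby
# Hypothetical helper (added example, not RubyGems' own code). Strips terminal
# escape sequences and control characters from untrusted text so that echoing
# it to a TTY cannot alter the display.
module TerminalSafe
  # ESC [ ... final-byte: cursor movement, colours, erase screen, and so on.
  CSI = /\e\[[0-?]*[ -\/]*[@-~]/
  # ESC ] ... terminated by BEL or ESC \ : window title, hyperlinks, etc.
  OSC = /\e\][^\a\e]*(?:\a|\e\\)/
  # Remaining C0 controls and DEL, except newline (0x0a) and tab (0x09).
  CONTROL = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/

  # Returns a copy of text that is safe to print to a terminal.
  def self.sanitize(text)
    text.gsub(CSI, "")
        .gsub(OSC, "")
        .gsub(CONTROL, "")
  end

  # True when sanitising would change the text, i.e. it carried something a
  # terminal would interpret rather than display.
  def self.suspicious?(text)
    sanitize(text) != text
  end

  # Constructed sample inputs standing in for a gem summary and an API reply.
  SAMPLES = {
    plain:       "A small HTTP client\n  with keep-alive\tsupport",
    recolour:    "Installed \e[32msuccessfully\e[0m",
    clear_screen: "\e[2J\e[HAll clear, nothing to see here",
    retitle:     "ok\e]0;totally-legit-gem\a done",
    stray_esc:   "value\e\x01\x7fend",
  }.freeze

  # Maps each sample name to [sanitised text, was it suspicious?].
  def self.demo
    SAMPLES.to_h { |name, text| [name, [sanitize(text), suspicious?(text)]] }
  end
end

if __FILE__ == $PROGRAM_NAME
  TerminalSafe.demo.each do |name, (clean, flagged)|
    puts "#{name}: #{flagged ? 'STRIPPED' : 'clean'} -> #{clean.inspect}"
  end
end
```

Stripping, rather than escaping with `String#inspect`, keeps the output readable for the common case of a gem description; logging that `suspicious?` fired is what turns a silent cleanup into a detection signal.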
Linux Distros Unpatched Vulnerability : CVE-2015-3900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows...