Lucene search
K

6 matches found

NVD
NVD
added 2023/08/17 6:15 p.m.26 views

CVE-2023-40165

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.5CVSS7.2AI score0.00395EPSS
Exploits0References2
Prion
Prion
added 2023/08/17 6:15 p.m.15 views

Input validation

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

5CVSS7.3AI score0.00395EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/17 5:6 p.m.17 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4CVSS6.5AI score0.00395EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/17 5:6 p.m.30 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4CVSS7.5AI score0.00395EPSS
Exploits0References2
CVE
CVE
added 2023/08/17 5:6 p.m.2488 views

CVE-2023-40165

The CVE-2023-40165 entry concerns RubyGems.org, the Ruby community gem hosting service. The vulnerability arose from insufficient input validation that allowed replacement of uploaded gems whose platform, version, or gem name matched “/-\d/,” enabling a malicious upload to temporarily override a ...

7.5CVSS7.3AI score0.00395EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/17 5:6 p.m.23 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4CVSS7.3AI score0.00395EPSS
Exploits0References4
Rows per page
Query Builder