Lucene search
K

4 matches found

NVD
NVD
added 2022/05/13 1:15 a.m.27 views

CVE-2022-29218

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...

7.7CVSS0.01218EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/12 11:55 p.m.28 views

CVE-2022-29218 Unauthorized takeover for new versions of some platform-specific gems

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...

7.7CVSS7.7AI score0.01218EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/05/12 11:55 p.m.8 views

CVE-2022-29218 Unauthorized takeover for new versions of some platform-specific gems

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...

7.7CVSS7.7AI score0.01218EPSS
Exploits1References2
CVE
CVE
added 2022/05/12 11:55 p.m.82 views

CVE-2022-29218

CVE-2022-29218 affects RubyGems, the Ruby package registry. An ordering mistake in the gem-upload code allowed some gems (platforms ending with numbers, e.g., arm64-darwin-21) to be temporarily replaced in the CDN cache by a malicious package. The issue has been patched, and a broad review of log...

7.7CVSS7.5AI score0.01218EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder