Lucene search
K

4 matches found

CVE
CVE
added 2024/05/29 8:18 p.m.84 views

CVE-2024-35221

CVE-2024-35221 targets Rubygems.org’s gem publishing workflow. A Gem publisher could trigger a Remote DoS by publishing a Gem whose metadata is parsed with Gem::Specification.from_yaml, which uses SafeYAML.load and permits YAML aliases, enabling YAML-bomb style DoS. The issue is documented as pat...

4.3CVSS4.5AI score0.00494EPSS
Exploits0References3
CVE
CVE
added 2024/01/12 8:59 p.m.66 views

CVE-2024-21654

CVE-2024-21654 affects Rubygems.org, the Ruby package hosting service. A flaw in the forgotten-password flow allows bypassing MFA, enabling account takeover. Root cause: a workaround in the password-reset form. Impact: high (CVE details indicate potential total compromise of an affected account)....

9.8CVSS9.4AI score0.0048EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/08/17 6:15 p.m.26 views

CVE-2023-40165

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.5CVSS7.2AI score0.00395EPSS
Exploits0References2
Prion
Prion
added 2023/08/17 6:15 p.m.15 views

Input validation

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

5CVSS7.3AI score0.00395EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder