4 matches found

BDU FSTEC
added 2021/03/21 12:0 a.m., 1 views

The vulnerability of the Gem Name Handler component in the Bundler dependency management tool for Ruby applications relates to a lack of mechanisms for managing code generation. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Gem Name Handler component in the Bundler dependency management tool for Ruby applications relates to improper handling of gems with identical names. Exploiting this vulnerability can allow an attacker to gain access to sensitive data, compromise its integrity, and cause...

9.8 CVSS, 7.7 AI score, 0.02779 EPSS
Exploits 1, References 9, Affected Software 2
NVD
added 2019/06/17 7:15 p.m., 17 views

CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check...

8.8 CVSS, 8.6 AI score, 0.00501 EPSS
Exploits 0, References 4
RedHat Linux
added 2019/05/15 6:16 p.m., 1 views

rubygems: Installing a malicious gem may lead to arbitrary code execution

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly, allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8 CVSS, 7.3 AI score, 0.00501 EPSS
Exploits 0, References 6
RedHat Linux
added 2018/03/26 10:20 a.m., 3 views

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

7.5 CVSS, 7.3 AI score, 0.20215 EPSS
Exploits 2, References 5