OESA-2024-1780 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote Do...

CVE-2024-35221 Denial of service when publishing a package on rubygems.org

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

CVE-2022-36073

RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that...

CVE-2022-36073

RubyGems.org (the RubyGems host) is affected by CVE-2022-36073 due to a bug in the password and email change confirmation flow that lets an attacker change an account’s email to an unowned address. This could enable the attacker to access saved API keys and, after an authenticated user resets the...

PT-2022-23161 · Unknown · Rubygems.Org

Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: A bug in the password and email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. This could enable the attacker to...