6 matches found
SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2026:1355-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1355-1 advisory. Updated to version 2.2.34. - CVE-2020-36327: Bundler chooses a dependency source based on the highest gem...
Malicious code in rbi-central (RubyGems)
Bundler allows attacker to inject arbitrary code via secondary Gem source
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
GHSA-JVGM-PFQV-887X Bundler allows attacker to inject arbitrary code via secondary Gem source
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...
PT-2021-12010
Name of the Vulnerable Software and Affected Versions: Bundler versions 1.16.0 through 2.2.9 and Bundler versions 2.2.11 through 2.2.16. Description: Bundler sometimes chooses a dependency source based on the highest gem version number. This means a rogue gem found at a public source may be chosen,...
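The entries above all describe the same failure mode: with more than one gem source configured, an affected Bundler resolves a transitive dependency of a private gem by highest version across all sources, so a same-named gem pushed to the public source wins. The Ruby script below is an added model of that selection rule written for this listing; it is not Bundler's own resolver code. The Gemfile shapes, the private server URL https://gems.example.internal, the gem names internal-core and internal-helper, and the candidate index are all constructed for illustration. It resolves the same constructed index under the affected rule (highest version anywhere) and under the source-pinned rule (dependencies of a pinned gem come from the pinned source) and reports where each gem was taken from. Note that, per the advisories, the block-scoped Gemfile form alone does not protect an affected Bundler version; the fix is the updated package.

```ruby
require "rubygems" # for Gem::Version comparison

# Added model of Bundler's source selection (not Bundler's own code).
# Two Gemfile shapes for reference: global secondary source vs. block-scoped source.
GEMFILE_GLOBAL_SOURCES = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.internal"   # hypothetical private server
  gem "internal-core"
GEMFILE

GEMFILE_SCOPED_SOURCE = <<~GEMFILE
  source "https://rubygems.org"
  source "https://gems.example.internal" do # hypothetical private server
    gem "internal-core"
  end
GEMFILE

PRIVATE = "https://gems.example.internal" # hypothetical
PUBLIC  = "https://rubygems.org"

Candidate = Struct.new(:name, :version, :source)

# Constructed index: the private server hosts internal-core and its dependency
# internal-helper; an attacker has published a same-named internal-helper with
# a much higher version on the public source.
INDEX = [
  Candidate.new("internal-core",   Gem::Version.new("1.0.0"),  PRIVATE),
  Candidate.new("internal-helper", Gem::Version.new("1.0.0"),  PRIVATE),
  Candidate.new("internal-helper", Gem::Version.new("99.0.0"), PUBLIC),
].freeze

# Runtime dependencies declared by each gem (constructed).
DEPENDENCIES = { "internal-core" => ["internal-helper"], "internal-helper" => [] }.freeze

# Affected rule: take the highest version from any configured source.
def pick_highest_anywhere(name, index)
  index.select { |c| c.name == name }.max_by(&:version)
end

# Pinned rule: a dependency of a source-pinned gem is taken from that same source.
def pick_from_source(name, source, index)
  index.select { |c| c.name == name && c.source == source }.max_by(&:version)
end

# Walk the dependency tree from a root gem pinned to root_source and return
# { gem_name => source_url } for every gem chosen.
def resolve(root, root_source, index: INDEX, deps: DEPENDENCIES, pin_dependencies:)
  chosen = {}
  queue = [[root, root_source]]
  until queue.empty?
    name, parent_source = queue.shift
    next if chosen.key?(name)
    candidate = if pin_dependencies
                  pick_from_source(name, parent_source, index)
                else
                  pick_highest_anywhere(name, index)
                end
    raise "no candidate for #{name} at #{parent_source}" unless candidate
    chosen[name] = candidate.source
    deps.fetch(name, []).each { |dep| queue << [dep, candidate.source] }
  end
  chosen
end

# True if any gem that should stay private was resolved from the public source.
def leaked_to_public?(resolution, private_gems)
  private_gems.any? { |g| resolution[g] == PUBLIC }
end

if $PROGRAM_NAME == __FILE__
  affected = resolve("internal-core", PRIVATE, pin_dependencies: false)
  fixed    = resolve("internal-core", PRIVATE, pin_dependencies: true)
  puts "affected rule: #{affected}"
  puts "pinned rule:   #{fixed}"
end
```

Under the affected rule the transitive dependency internal-helper is taken from https://rubygems.org at 99.0.0 even though its parent was pinned to the private source; under the pinned rule both gems stay on the private source. A practical check against a real project is to compare the `remote:` entries in Gemfile.lock against the sources each private gem is expected to come from.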