6 matches found

SUSE CVE
added 2024/06/04 12:18 p.m. (1 view)

SUSE CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

CVSS: 4.3, AI score: 7, EPSS: 0.00051
Exploits: 0, References: 6
RedHat Linux
added 2020/03/03 3:35 p.m. (3 views)

rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

CVSS: 5.3, AI score: 7.2, EPSS: 0.01066
Exploits: 0, References: 5
RedHat Linux
added 2018/11/29 9:56 a.m. (2 views)

rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

CVSS: 5.3, AI score: 7.2, EPSS: 0.01066
Exploits: 0, References: 5
CNVD
added 2018/03/14 12:00 a.m. (1 view)

RubyGems Improper Input Validation Vulnerability

RubyGems is a package manager for Ruby that provides a standard format for distributing Ruby programs and libraries called "gems", and is designed to make it easy to manage gem installations and the servers used to distribute them. An improper input validation vulnerability exists in the ruby gem...

CVSS: 5.3, AI score: 6.8, EPSS: 0.01066
Exploits: 0, References: 1
Amazon
added 2017/10/02 12:00 a.m. (104 views)

Medium: ruby22, ruby23

Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP. An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...

CVSS: 9.8, AI score: 9.5, EPSS: 0.20215
Exploits: 9
OSV
added 2017/08/31 8:29 p.m. (1 view)

DEBIAN-CVE-2017-0901

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...

CVSS: 7.5, AI score: 8.4, EPSS: 0.20215
Exploits: 2, References: 1