CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

CVE-2018-1000075

CVE-2018-1000075 affects RubyGems: a negative-size condition in the ruby gem package tar header can cause an infinite loop. Affected ranges include RubyGems in the 2.2, 2.3, 2.4, and 2.5 series (e.g., 2.2.9 and earlier; 2.3.6 and earlier; 2.4.3 and earlier; 2.5.0 and earlier) up to trunk revision...

CVE-2018-1000079

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...

CVE-2018-1000076

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

shopify-scripts: Crash: A call to Symbol.new leads to a crash when inspecting the resulting object

Calling Symbol.new leads to a when inspect is called on that method probably even more methods. From my point of view the root cause is related to 185794 the underlying boxing model. Trying the same with Ruby 2.3 will lead to a NoMethodError: undefined method 'new' for Symbol:Class, which is...