CVE-2024-21654

CVE-2024-21654 affects Rubygems.org, the Ruby package hosting service. A flaw in the forgotten-password flow allows bypassing MFA, enabling account takeover. Root cause: a workaround in the password-reset form. Impact: high (CVE details indicate potential total compromise of an affected account)....

CVE-2023-40165

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

Input validation

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...