2166 matches found
Design/Logic Flaw
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21, to be temporarily replaced in the CDN cache by a malicious package. The bug has...
RubyGems Infinite Loop vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...
RubyGems security vulnerability
RubyGems is a Ruby package manager from the Rubygems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems suffers from a security vulnerability that stems from a sorting error in gem upload code, where certain gems are temporarily replaced by malicious...
RubyGems Link Following vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...
CVE-2022-29218
CVE-2022-29218 affects RubyGems, the Ruby package registry. An ordering mistake in the gem-upload code allowed some gems (platforms ending with numbers, e.g., arm64-darwin-21) to be temporarily replaced in the CDN cache by a malicious package. The issue has been patched, and a broad review of log...
CVE-2022-29218 Unauthorized takeover for new versions of some platform-specific gems
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21, to be temporarily replaced in the CDN cache by a malicious package. The bug has...
CVE-2022-29218 Unauthorized takeover for new versions of some platform-specific gems
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21, to be temporarily replaced in the CDN cache by a malicious package. The bug has...
Critical Gems Takeover Bug Reported in RubyGems Package Manager
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace...
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...
Design/Logic Flaw
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...
CVE-2022-29176
CVE-2022-29176 affects RubyGems.org via a yank-action bug that allowed an authorized-appearing gem name (containing a dash) to be removed or replaced with a rogue file when the gem was created within 30 days or had no updates for over 100 days. Multiple trusted sources (NVD, Red Hat, CVE list, an...
Internet Bug Bounty: rubygems.org Batching attack to `confirmation_token` by bypass rate limit
The following is copied from hackerone's report. https://hackerone.com/reports/1529183 --- I confirmed that EmailConfirmationsController has the same problem as https://hackerone.com/reports/449356...
PT-2022-2574 · Bundler +1 · Bundler +1
Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: The issue is related to a bug in the yank action of RubyGems.org, allowing any user to remove and replace certain gems without authorization. A gem is vulnerable if it has one or more...
RubyGems security vulnerability
RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems suffers from a security vulnerability that stems from an error in yank operations, which allows any RubyGems.org user to delete and replace certain gem...
GHSA-95VX-Q4C2-64GR RubyGems file overwrite vulnerability
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
RubyGems file overwrite vulnerability
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
Denial of Service (DoS)
Overview rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Denial of Service (DoS) via the extract_files function in installer.rb, which does not check whether files exist before overwriting them, allowing user-assisted remote...
RubyGems passenger gem allows remote attackers to delete files
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions 4.0.0.beta1, 4.0.0.beta2...
GHSA-8MW8-J583-VQFG RubyGems passenger gem allows remote attackers to delete files
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions 4.0.0.beta1, 4.0.0.beta2...
RubyGems: Possibility to guess email address from gravatar image URL
The vulnerability allowed an attacker to potentially guess a user's email address by exploiting the use of a simple MD5 hash in the Gravatar implementation on rubygems.org. This could be done by matching the hash in the Gravatar URL with the generated hash from the email address. The impact of th...