2 matches found
CVE-2024-35221
CVE-2024-35221 targets Rubygems.org’s gem publishing workflow. A Gem publisher could trigger a Remote DoS by publishing a Gem whose metadata is parsed with Gem::Specification.from_yaml, which uses SafeYAML.load and permits YAML aliases, enabling YAML-bomb style DoS. The issue is documented as pat...
PT-2024-5071 · Unknown · Rubygems.Org
Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: The issue is related to how Ruby reads the Manifest of Gem files when using Gem::Specification.from yaml, which makes use of SafeYAML.load. This allows YAML aliases inside the YAML-bas...