Rubygems@2.0.3 Security Vulnerabilities and Issues — Rubygems@2.0.3 CVE List

Lucene search

RubygemsRubygems2.0.3

3 matches found

CVE•added 2013/10/17 11:55 p.m.•70 views

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (C...

4.3CVSS5.5AI score0.02737EPSS

CVE•added 2013/10/17 11:55 p.m.•66 views

CVE-2013-4287

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consump...

4.3CVSS5.4AI score0.02737EPSS

CVE•added 2015/08/25 5:59 p.m.•51 views

CVE-2015-4020

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original do...

4.3CVSS7.5AI score0.03187EPSS