Commit b2f7745

1 parent be85e28 commit b2f7745

4 files changed

+52
-0
lines changed

Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
---
2+
library: rubygems
3+
cve: 2017-0899
4+
url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
5+
title: RubyGems ANSI escape sequence vulnerability
6+
date: 2017-08-29
7+
description: |
8+
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem
9+
specifications that include terminal escape characters. Printing the gem
10+
specification would execute terminal escape sequences.
11+
cvss_v2: 7.5
12+
patched_versions:
13+
- ">= 2.6.13"
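Review bot: `date: 2017-08-29` on line 6 does not match the 2017/08/27 in the `url` on line 4, so it is unclear which event the field records. If it is meant to be the release or disclosure date, it should read 2017-08-27; if 2017-08-29 is intentional, say in the commit message what it refers to. The description on lines 8-10 could also name the affected output more precisely than "printing the gem specification", so a reader can tell which commands are exposed.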
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
---
2+
library: rubygems
3+
cve: 2017-0900
4+
url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
5+
title: RubyGems DoS vulnerability in the query command
6+
date: 2017-08-29
7+
description: |
8+
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem
9+
specifications to cause a denial of service attack against RubyGems clients
10+
who have issued a `query` command.
11+
cvss_v2: 5.0
12+
patched_versions:
13+
- ">= 2.6.13"
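Review bot: The description on lines 8-10 does not parse cleanly: "is vulnerable to maliciously crafted gem specifications to cause a denial of service attack" mixes two constructions. Suggest rewording to something like "allows maliciously crafted gem specifications to cause a denial of service against RubyGems clients that issue a `query` command", which keeps the same meaning and matches the title on line 5.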
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
---
2+
library: rubygems
3+
cve: 2017-0901
4+
url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
5+
title: RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
6+
date: 2017-08-29
7+
description: |
8+
RubyGems version 2.6.12 and earlier fails to validate specification names,
9+
allowing a maliciously crafted gem to potentially overwrite any file on the
10+
filesystem.
11+
cvss_v2: 6.4
12+
patched_versions:
13+
- ">= 2.6.13"
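Review bot: The `title` on line 5 is a full sentence and much longer than the titles in the other three advisories in this commit, which will read poorly in tools that print the title on one line. Suggest shortening it to something like "RubyGems arbitrary file overwrite vulnerability in the gem installer" and leaving the detail to the description on lines 8-10, which already covers it.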
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
---
2+
library: rubygems
3+
cve: 2017-0902
4+
url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
5+
title: RubyGems DNS request hijacking vulnerability
6+
date: 2017-08-29
7+
description: |
8+
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking
9+
vulnerability that allows a MITM attacker to force the RubyGems client to
10+
down load and install gems from a server that the attacker controls.
11+
cvss_v2: 6.8
12+
patched_versions:
13+
- ">= 2.6.13"
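Review bot: Line 10 of the description has a typo, "down load" should be "download". While touching that text, "is vulnerable to a DNS hijacking vulnerability" on lines 8-9 is redundant; "is vulnerable to DNS hijacking that allows a MITM attacker to ..." says the same thing once.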
