Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1000077

Опубликовано: 13 мар. 2018
Источник: debian
EPSS Низкий

Описание

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby2.5fixed2.5.0-5package
ruby2.3removedpackage
ruby2.1removedpackage
ruby1.9.1removedpackage
rubygemsfixed3.2.0~rc.1-1package
jrubyfixed9.1.17.0-1package

Примечания

  • https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964

  • https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/

EPSS

Процентиль: 77%
0.01066
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-1000077

CVSS3: 5.3
ubuntu
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.

redhat логотип

CVE-2018-1000077

CVSS3: 5.5
redhat
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.

nvd логотип

CVE-2018-1000077

CVSS3: 5.3
nvd
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.

github логотип

GHSA-gv86-43rv-79m2

CVSS3: 5.3
github
больше 3 лет назад

RubyGems Improper Input Validation vulnerability

fstec логотип

BDU:2018-01596

CVSS3: 5.3
fstec
почти 8 лет назад

Уязвимость системы управления пакетами RubyGems, связанная с некорректной обработкой параметров, позволяющая пользователю нарушить целостность данных

EPSS

Процентиль: 77%
0.01066
Низкий