exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

GHSA-wp3j-rvfp-624h

больше 3 лет назад

RubyGems vulnerable to DNS hijack attack

EPSS: Низкий

CVE-2015-3900

больше 10 лет назад

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

CVSS2: 5

EPSS: Низкий

CVE-2015-3900

больше 10 лет назад

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

CVSS2: 7.9

EPSS: Низкий

CVE-2015-3900

больше 10 лет назад

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

CVSS2: 5

EPSS: Низкий

CVE-2015-3900

больше 10 лет назад

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4 ...

CVSS2: 5

EPSS: Низкий

openSUSE-SU-2017:1128-1

почти 9 лет назад

Security update for ruby2.1

EPSS: Низкий

SUSE-SU-2017:1067-1

почти 9 лет назад

Security update for ruby2.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
GHSA-wp3j-rvfp-624h RubyGems vulnerable to DNS hijack attack		2% Низкий	больше 3 лет назад
CVE-2015-3900 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."	CVSS2: 5	2% Низкий	больше 10 лет назад
CVE-2015-3900 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."	CVSS2: 7.9	2% Низкий	больше 10 лет назад
CVE-2015-3900 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."	CVSS2: 5	2% Низкий	больше 10 лет назад
CVE-2015-3900 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4 ...	CVSS2: 5	2% Низкий	больше 10 лет назад
openSUSE-SU-2017:1128-1 Security update for ruby2.1			почти 9 лет назад
SUSE-SU-2017:1067-1 Security update for ruby2.1			почти 9 лет назад

Уязвимостей на страницу