Count: 39

RLSA-2021:3020
Important: ruby:2.7 security update
ELSA-2021-3020
ELSA-2021-3020: ruby:2.7 security update (IMPORTANT)

RLSA-2022:0543
Important: ruby:2.6 security update
ELSA-2022-0543
ELSA-2022-0543: ruby:2.6 security update (IMPORTANT)

openSUSE-SU-2021:3838-1
Security update for ruby2.5

openSUSE-SU-2021:1535-1
Security update for ruby2.5

SUSE-SU-2021:3838-1
Security update for ruby2.5

RLSA-2022:0672
Moderate: ruby:2.5 security update
ELSA-2022-0672
ELSA-2022-0672: ruby:2.5 security update (MODERATE)
ELSA-2022-0672-1
ELSA-2022-0672-1: ruby:2.5 security update (MODERATE)

SUSE-SU-2021:3837-1
Security update for ruby2.1

SUSE-SU-2022:1512-1
Security update for ruby2.5

CVE-2020-36327
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.

CVE-2020-36327
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.

CVE-2020-36327
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product.
CVE-2020-36327
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...

SUSE-SU-2025:1294-1
Security update for rubygem-bundler

RLSA-2022:0545
Important: ruby:2.5 security update
GHSA-fp4w-jxhp-m23p
Dependency Confusion in Bundler
ELSA-2022-0545
ELSA-2022-0545: ruby:2.5 security update (IMPORTANT)
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
RLSA-2021:3020 Important: ruby:2.7 security update | | | almost 4 years ago |
ELSA-2021-3020 ELSA-2021-3020: ruby:2.7 security update (IMPORTANT) | | | almost 4 years ago |
RLSA-2022:0543 Important: ruby:2.6 security update | | | more than 3 years ago |
ELSA-2022-0543 ELSA-2022-0543: ruby:2.6 security update (IMPORTANT) | | | more than 3 years ago |
openSUSE-SU-2021:3838-1 Security update for ruby2.5 | | | more than 3 years ago |
openSUSE-SU-2021:1535-1 Security update for ruby2.5 | | | more than 3 years ago |
SUSE-SU-2021:3838-1 Security update for ruby2.5 | | | more than 3 years ago |
RLSA-2022:0672 Moderate: ruby:2.5 security update | | | more than 3 years ago |
ELSA-2022-0672 ELSA-2022-0672: ruby:2.5 security update (MODERATE) | | | more than 3 years ago |
ELSA-2022-0672-1 ELSA-2022-0672-1: ruby:2.5 security update (MODERATE) | | | more than 3 years ago |
SUSE-SU-2021:3837-1 Security update for ruby2.1 | | | more than 3 years ago |
SUSE-SU-2022:1512-1 Security update for ruby2.5 | | | about 3 years ago |
CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | CVSS3: 8.8 | 12% Medium | about 4 years ago |
CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | CVSS3: 8.8 | 12% Medium | more than 4 years ago |
CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | CVSS3: 8.8 | 12% Medium | about 4 years ago |
CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ... | CVSS3: 8.8 | 12% Medium | about 4 years ago |
SUSE-SU-2025:1294-1 Security update for rubygem-bundler | | 12% Medium | 2 months ago |
RLSA-2022:0545 Important: ruby:2.5 security update | | 12% Medium | more than 3 years ago |
GHSA-fp4w-jxhp-m23p Dependency Confusion in Bundler | CVSS3: 8.8 | 12% Medium | about 4 years ago |
ELSA-2022-0545 ELSA-2022-0545: ruby:2.5 security update (IMPORTANT) | | | more than 3 years ago |