Information on source package rubygems

Available versions

Release   Version
bullseye  3.2.5-2
bookworm  3.3.15-2
trixie    3.4.20-1
sid       3.4.20-1

Open issues

Bug             bullseye                      bookworm             trixie  sid    Description
CVE-2023-28755  vulnerable (no DSA)           vulnerable (no DSA)  fixed   fixed  A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...
CVE-2021-43809  vulnerable (no DSA)           fixed                fixed   fixed  `Bundler` is a package for managing application dependencies in Ruby. ...
CVE-2020-36327  vulnerable (no DSA, ignored)  fixed                fixed   fixed  Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...

Resolved issues

Bug               Description
CVE-2023-36617    A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ...
CVE-2019-8325     An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
CVE-2019-8324     An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...
CVE-2019-8323     An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...
CVE-2019-8322     An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...
CVE-2019-8321     An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...
CVE-2019-8320     A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...
CVE-2018-1000079  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000078  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000077  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000076  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000075  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000074  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2018-1000073  RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...
CVE-2017-0903     RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ...
CVE-2017-0902     RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...
CVE-2017-0901     RubyGems version 2.6.12 and earlier fails to validate specification na ...
CVE-2017-0900     RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...
CVE-2017-0899     RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...
CVE-2015-4020     RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ...
CVE-2015-3900     RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4 ...
CVE-2013-4363     Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...
CVE-2013-4287     Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...
CVE-2012-2126     RubyGems before 1.8.23 does not verify an SSL certificate, which allow ...
CVE-2012-2125     RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...

Security announcements

DSA / DLA   Description
DLA-1336-1  rubygems - security update
DLA-1112-1  rubygems - security update
