rubygems-update is an inbuilt rubygem for updating rubygems.
Affected versions of this package are vulnerable to Arbitrary Code Execution. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker can inject arbitrary code to the stub line of gemspec, which is eval-ed by code in
ensure_loadable_spec during the preinstall check.
rubygems-update to version 2.7.8, 3.0.3 or higher.