rubygems-update vulnerabilities

A package (also known as a library) contains a set of functionality that can be invoked by a Ruby program, such as reading and parsing an XML file. We call these packages 'gems', and RubyGems is a tool to install, create, manage and load these packages in your Ruby environment. RubyGems is also a client for RubyGems.org, a public repository of gems that allows you to publish a gem that can be shared and used by other developers. See our guide on publishing a gem at guides.rubygems.org.

Latest version: 3.2.0.rc.2

Licenses detected

  • license: MIT < 1.8.24, >= 0.8.3
  • license: Unknown < 1.8.26, >= 1.8.24
  • Dual license: Ruby, MIT < 2.0.0.preview2, >= 1.8.26
  • license: Unknown < 2.0.6, >= 2.0.0.preview2
  • license: MIT < 2.0.7, >= 2.0.6
  • Dual license: Ruby, MIT >= 2.0.7

Direct Vulnerabilities

Known vulnerabilities in the rubygems-update package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| H | Directory Traversal | >=2.7.6, <2.7.9; >=3.0.0, <3.0.3 | Not available | 19 Aug, 2020 |
| H | Arbitrary Code Injection | >=2.6.0, <2.7.9; >=3.0.0, <3.0.2 | Not available | 19 Aug, 2020 |
| H | Arbitrary Code Injection | >=2.6.0, <2.7.9; >=3.0.0, <3.0.2 | Not available | 19 Aug, 2020 |
| H | Arbitrary Code Injection | >=2.6.0, <2.7.9; >=3.0.0, <3.0.2 | Not available | 18 Aug, 2020 |
| M | Man-in-the-Middle (MitM) | <1.8.23 | Not available | 14 Nov, 2019 |
| M | Regular Expression Denial of Service (ReDoS) | <1.8.23.2; >=1.8.24, <1.8.27; >=2.0.0, <2.0.10; >=2.1.0, <2.1.5 | Not available | 13 Nov, 2019 |
| H | Arbitrary Code Injection | <2.6.13 | Not available | 13 Nov, 2019 |
| H | Infinite Loop | <2.7.6 | Not available | 13 Nov, 2019 |
| M | Man-in-the-Middle (MitM) | <1.8.23 | Not available | 13 Nov, 2019 |
| H | Out-of-Bounds | <2.7.8; >=3.0.0, <3.0.3 | Not available | 13 Nov, 2019 |
| H | Man-in-the-Middle (MitM) | <2.6.13 | Not available | 13 Nov, 2019 |
| M | Directory Traversal | <2.7.6 | Not available | 13 Nov, 2019 |
| M | Cross-site Scripting (XSS) | <2.7.6 | Not available | 13 Nov, 2019 |
| H | Deserialization of Untrusted Data | <2.7.6 | Not available | 13 Nov, 2019 |
| M | Improper Input Validation | <2.7.6 | Not available | 13 Nov, 2019 |
| H | Arbitrary Code Execution | <2.7.8; >=3.0.0, <3.0.3 | Not available | 13 Nov, 2019 |
| H | Directory Traversal | <2.7.6 | Not available | 13 Nov, 2019 |
| H | Improper Verification of Cryptographic Signature | <2.7.6 | Not available | 13 Nov, 2019 |
| H | Arbitrary Code Execution | <2.6.13 | Not available | 13 Nov, 2019 |
| H | Denial of Service (DoS) | <2.6.13 | Not available | 13 Nov, 2019 |
| M | DNS Hijack Attack | >=2.0.0, <2.0.17; >=2.2.0, <2.2.5; >=2.4.0, <2.4.8 | Not available | 13 Nov, 2019 |