rubygems24 vulnerabilities

Known vulnerabilities in the rubygems24 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Arbitrary Command Injection	<0:2.6.14.4-2.15.amzn1
M XML External Entity (XXE) Injection	<0:2.6.14.4-2.14.amzn1
M HTTP Request Smuggling	<0:2.6.14.4-2.13.amzn1
H Arbitrary Code Injection	<0:2.6.14.4-2.12.amzn1
H Improper Input Validation	<0:2.6.14.4-2.12.amzn1
H Improper Authentication	<0:2.6.14.4-2.12.amzn1
H Arbitrary Code Injection	<0:2.6.14.4-2.12.amzn1
H Cross-site Scripting (XSS)	<0:2.6.14.4-2.12.amzn1
H Cross-site Scripting (XSS)	<0:2.6.14.4-2.12.amzn1
H CVE-2019-15845	<0:2.6.14.4-2.12.amzn1
H Arbitrary Code Injection	<0:2.6.14.3-1.30.11.amzn1
H Arbitrary Code Injection	<0:2.6.14.3-1.30.11.amzn1
H Arbitrary Code Injection	<0:2.6.14.3-1.30.11.amzn1
H Arbitrary Argument Injection	<0:2.6.14.3-1.30.11.amzn1
H Arbitrary Code Injection	<0:2.6.14.3-1.30.11.amzn1
H Directory Traversal	<0:2.6.14.3-1.30.11.amzn1
H CVE-2018-16395	<0:2.6.14.3-1.30.7.amzn1
H CVE-2018-16396	<0:2.6.14.3-1.30.7.amzn1
M Directory Traversal	<0:2.6.14.1-1.30.6.amzn1
M Improper Input Validation	<0:2.6.14.1-1.30.6.amzn1
M Use of Externally-Controlled Format String	<0:2.6.14.1-1.30.6.amzn1
M Resource Exhaustion	<0:2.6.14.1-1.30.6.amzn1
M Directory Traversal	<0:2.6.14.1-1.30.6.amzn1
M Cross-site Scripting (XSS)	<0:2.6.14.1-1.30.6.amzn1
M Directory Traversal	<0:2.6.14.1-1.30.6.amzn1
M Improper Input Validation	<0:2.6.14.1-1.30.6.amzn1
M Improper Verification of Cryptographic Signature	<0:2.6.14.1-1.30.6.amzn1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:2.6.14.1-1.30.6.amzn1
M Link Following	<0:2.6.14.1-1.30.6.amzn1
M Deserialization of Untrusted Data	<0:2.6.14.1-1.30.6.amzn1
M Arbitrary Code Injection	<0:2.6.14.1-1.30.6.amzn1
M HTTP Response Splitting	<0:2.6.14.1-1.30.6.amzn1
M Deserialization of Untrusted Data	<0:2.6.14-1.30.5.amzn1
M Out-of-Bounds	<0:2.6.13-1.30.4.amzn1
M Out-of-Bounds	<0:2.6.13-1.30.4.amzn1
M Improper Authentication	<0:2.6.13-1.30.4.amzn1
M Origin Validation Error	<0:2.6.13-1.30.4.amzn1
M Deserialization of Untrusted Data	<0:2.6.13-1.30.4.amzn1
M Improper Input Validation	<0:2.6.13-1.30.4.amzn1
M Improper Input Validation	<0:2.6.13-1.30.4.amzn1
M Use of Externally-Controlled Format String	<0:2.6.13-1.30.4.amzn1
M Arbitrary Code Injection	<0:2.6.13-1.30.4.amzn1

Vulnerability

Vulnerable Version

Arbitrary Command Injection

<0:2.6.14.4-2.15.amzn1

XML External Entity (XXE) Injection

<0:2.6.14.4-2.14.amzn1

HTTP Request Smuggling

<0:2.6.14.4-2.13.amzn1

Arbitrary Code Injection

<0:2.6.14.4-2.12.amzn1

Improper Input Validation

<0:2.6.14.4-2.12.amzn1