rubygems-update vulnerabilities

Licenses: (MIT OR Ruby) | MIT

License

>=1.8.24, <2.0.0.preview2;

>=2.0.7;

>=0.8.3, <1.8.24;

>=2.0.0.preview2, <2.0.7;

Known vulnerabilities in the rubygems-update package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data	>=2.0.0, <2.6.14
H Denial of Service (DoS)	<0.9.1
H Directory Traversal	>=2.7.6, <2.7.9>=3.0.0, <3.0.3
H Arbitrary Code Injection	>=2.6.0, <2.7.9>=3.0.0, <3.0.2
H Arbitrary Code Injection	>=2.6.0, <2.7.9>=3.0.0, <3.0.3
H Arbitrary Code Injection	>=2.6.0, <2.7.9>=3.0.0, <3.0.3
M Man-in-the-Middle (MitM)	<1.8.23
H Arbitrary Code Execution	<2.7.8>=3.0.0, <3.0.3
M Directory Traversal	<2.7.6
C Arbitrary Code Injection	<2.6.13
H Denial of Service (DoS)	<2.6.13
C Improper Verification of Cryptographic Signature	<2.7.6
M Man-in-the-Middle (MitM)	<1.8.23
H Out-of-Bounds	<2.7.8>=3.0.0, <3.0.3
M Regular Expression Denial of Service (ReDoS)	<1.8.23.2>=1.8.24, <1.8.27>=2.0.0, <2.0.10>=2.1.0, <2.1.5
H Directory Traversal	<2.7.6
M Improper Input Validation	<2.7.6
H Man-in-the-Middle (MitM)	<2.6.13
H Arbitrary Code Execution	<2.6.13
H Deserialization of Untrusted Data	<2.7.6
H Infinite Loop	<2.7.6
M DNS Hijack Attack	>=2.0.0, <2.0.17>=2.2.0, <2.2.5>=2.4.0, <2.4.8
M Cross-site Scripting (XSS)	<2.7.6