rubygems-update

Licenses: (MIT OR Ruby) | MIT

License

>=1.8.24, <2.0.0.preview2;

>=2.0.7;

>=0.8.3, <1.8.24;

>=2.0.0.preview2, <2.0.7;

Known vulnerabilities in the rubygems-update package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data	>=2.0.0, <2.6.14
H Denial of Service (DoS)	<0.9.1
H Directory Traversal	>=2.7.6, <2.7.9>=3.0.0, <3.0.3
H Arbitrary Code Injection	>=2.6.0, <2.7.9>=3.0.0, <3.0.2
H Arbitrary Code Injection	>=2.6.0, <2.7.9>=3.0.0, <3.0.3
H Arbitrary Code Injection	>=2.6.0, <2.7.9>=3.0.0, <3.0.3
M Man-in-the-Middle (MitM)	<1.8.23
H Denial of Service (DoS)	<2.6.13
C Arbitrary Code Injection	<2.6.13
H Man-in-the-Middle (MitM)	<2.6.13
H Arbitrary Code Execution	<2.6.13
M Man-in-the-Middle (MitM)	<1.8.23
H Arbitrary Code Execution	<2.7.8>=3.0.0, <3.0.3
M Regular Expression Denial of Service (ReDoS)	<1.8.23.2>=1.8.24, <1.8.27>=2.0.0, <2.0.10>=2.1.0, <2.1.5
M Directory Traversal	<2.7.6
H Deserialization of Untrusted Data	<2.7.6
H Infinite Loop	<2.7.6
M Improper Input Validation	<2.7.6
M DNS Hijack Attack	>=2.0.0, <2.0.17>=2.2.0, <2.2.5>=2.4.0, <2.4.8
H Directory Traversal	<2.7.6
C Improper Verification of Cryptographic Signature	<2.7.6
H Out-of-Bounds	<2.7.8>=3.0.0, <3.0.3
M Cross-site Scripting (XSS)	<2.7.6