Lack of data validation - Path Traversal In rubygems-update
Description
RubyGems may allow a maliciously crafted gem to overwrite files RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rubygems | >=0 <2.6.13 | 2.6.13 | |
 alpine v3.22 | >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.10 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.11 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.12 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.7 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.8 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.9 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.15 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.16 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 |
1-10 of 28
10
Aliases
References
1. https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb22. https://hackerone.com/reports/2431563. https://usn.ubuntu.com/3553-14. https://usn.ubuntu.com/3685-15. https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/10392496. https://web.archive.org/web/20170915000000*/http://www.securityfocus.com/bid/100580#:~:text=1%20snapshot-,16%3A05%3A26,-Note7. https://www.debian.org/security/2017/dsa-39668. https://www.exploit-db.com/exploits/426119. http://blog.rubygems.org/2017/08/27/2.6.13-released.html
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.