Lack of data validation In rubygems-update
Description
RubyGems has Origin Validation Error vulnerability RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rubygems | >=0 <2.6.13 | 2.6.13 | |
 debian 14 | >=0 <3.2.0~rc.1-1 | 3.2.0~rc.1-1 | |
 alpine v3.21 | >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.3 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r1 || =1.8.7_p352-r2 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || >=0 <2.2.8-r0 | 2.2.8-r0 | |
alpine v3.10 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.14 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.16 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.6 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.18 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r0 || =1.8.7_p352-r1 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || =2.3.3-r1 || =2.3.3-r2 || =2.3.3-r3 || =2.4.0-r3 || =2.4.1-r1 || =2.4.1-r2 || =2.4.1-r3 || =2.4.1-r4 || =2.4.1-r5 || >=0 <2.4.2-r0 | 2.4.2-r0 | |
alpine v3.5 | =1.8.7_p160-r2 || =1.8.7_p160-r3 || =1.8.7_p174-r0 || =1.8.7_p174-r1 || =1.8.7_p174-r2 || =1.8.7_p174-r3 || =1.8.7_p174-r4 || =1.8.7_p174-r6 || =1.8.7_p174-r7 || =1.8.7_p299-r0 || =1.8.7_p299-r1 || =1.8.7_p299-r2 || =1.8.7_p352-r1 || =1.8.7_p352-r2 || =1.8.7_p358-r1 || =1.8.7_p72-r1 || =1.8.7_p72-r2 || =1.9.3_p194-r0 || =1.9.3_p286-r0 || =1.9.3_p286-r1 || =1.9.3_p286-r2 || =1.9.3_p327-r0 || =1.9.3_p362-r0 || =1.9.3_p374-r0 || =1.9.3_p385-r0 || =1.9.3_p392-r0 || =2.0.0_p0-r0 || =2.0.0_p0-r1 || =2.0.0_p195-r0 || =2.0.0_p247-r0 || =2.0.0_p247-r1 || =2.0.0_p247-r2 || =2.0.0_p247-r3 || =2.0.0_p353-r0 || =2.0.0_p353-r1 || =2.0.0_p353-r2 || =2.0.0_p481-r0 || =2.1.5-r0 || =2.1.5-r1 || =2.2.1-r0 || =2.2.2-r0 || =2.2.2-r1 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.3.1-r0 || =2.3.1-r1 || =2.3.1-r2 || =2.3.2-r0 || =2.3.3-r0 || >=0 <2.3.5-r0 | 2.3.5-r0 |
1-10 of 28
10
Aliases
References
1. https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d322. https://hackerone.com/reports/2180883. https://usn.ubuntu.com/3553-14. https://usn.ubuntu.com/3685-15. https://web.archive.org/web/20170907040741/http://www.securityfocus.com/bid/1005866. https://web.archive.org/web/20170907215801/http://www.securitytracker.com/id/10392497. https://www.debian.org/security/2017/dsa-39668. http://blog.rubygems.org/2017/08/27/2.6.13-released.html
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.