CVE-2017-0901

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

References

Affected packages

Git / github.com/ruby/rubygems

Affected ranges

Type: GIT
Repo: https://github.com/ruby/rubygems
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ad5c0a53a86ca5b218c7976765c0365b91d22cb2

Affected versions

v1.*

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.8.0

v1.8.1

v1.8.2

v2.*

v2.0.0

v2.0.0.preview2

v2.0.0.preview2.1

v2.0.0.preview2.2

v2.0.0.rc.1

v2.0.0.rc.2

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.0.rc.1

v2.1.0.rc.2

v2.1.1

v2.1.2

v2.1.3

v2.2.0.preview.1

v2.2.0.rc.1

v2.2.1

v2.3.0

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0901.json"

Git / github.com/rubygems/rubygems

Affected ranges

Type: GIT
Repo: https://github.com/rubygems/rubygems
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0901.json"