RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
{ "nvd_published_at": "2017-08-31T20:29:00Z", "cwe_ids": [ "CWE-20", "CWE-22" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-03-09T00:38:35Z" }