Lucene search
HackeroneCVELIST:CVE-2017-0901HistoryAug 27, 2017 - 12:00 a.m.
CVE-2017-0901
2017-08-2700:00:00
CWE-22
hackerone
www.cve.org
2
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CNA Affected
[
{
"product": "RubyGems",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "Versions before 2.6.13"
}
]
}
]References
blog.rubygems.org/2017/08/27/2.6.13-released.html
www.securityfocus.com/bid/100580
www.securitytracker.com/id/1039249
access.redhat.com/errata/RHSA-2017:3485
access.redhat.com/errata/RHSA-2018:0378
access.redhat.com/errata/RHSA-2018:0583
access.redhat.com/errata/RHSA-2018:0585
github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2
hackerone.com/reports/243156
lists.debian.org/debian-lts-announce/2018/07/msg00012.html
security.gentoo.org/glsa/201710-01
usn.ubuntu.com/3553-1/
usn.ubuntu.com/3685-1/
www.debian.org/security/2017/dsa-3966
www.exploit-db.com/exploits/42611/
Related
prion
prion
Design/Logic Flaw
2017-08-31 20:29:00
cve
cve
CVE-2017-0901
2017-08-31 20:29:00
github
github
RubyGems may allow a maliciously crafted gem to overwrite files
2022-05-13 01:38:26
redhatcve
redhatcve
CVE-2017-0901
2019-10-11 16:47:30
nvd
nvd
CVE-2017-0901
2017-08-31 20:29:00
hackerone
hackerone
RubyGems: Installing a crafted gem package may create or overwrite files
2017-06-26 09:14:48
zdt
zdt
RubyGems < 2.6.13 - Arbitrary File Overwrite Exploit
2017-09-04 00:00:00
osv
osv
CVE-2017-0901
2017-08-31 20:29:00
RubyGems may allow a maliciously crafted gem to overwrite files
2022-05-13 01:38:26
rubygems - security update
2017-09-26 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2017-0901
2017-08-31 20:29:00
veracode
veracode
Input Validation
2019-05-16 02:16:34
alpinelinux
alpinelinux
CVE-2017-0901
2017-08-31 20:29:00
debian
debian
[SECURITY] [DLA 1112-1] rubygems security update
2017-09-27 02:19:34
[SECURITY] [DSA 3966-1] ruby2.3 security update
2017-09-05 20:17:58
[SECURITY] [DLA 1114-1] ruby1.9.1 security update
2017-09-26 21:16:53
nessus
nessus
Debian DLA-1112-1 : rubygems security update
2017-09-27 00:00:00
Ubuntu 16.04 LTS : Ruby vulnerabilities (USN-3553-1)
2018-02-01 00:00:00
Fedora 26 : rubygems (2017-20214ad330)
2017-09-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1112-1)
2018-02-06 00:00:00
Ubuntu: Security Advisory (USN-3553-1)
2018-10-26 00:00:00
Fedora Update for rubygems FEDORA-2017-20214ad330
2017-09-10 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2018-01-31 00:00:00
Ruby vulnerabilities
2017-10-05 00:00:00
Ruby regression
2021-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: rubygems-2.6.13-100.fc27
2017-09-30 07:26:40
[SECURITY] Fedora 26 Update: rubygems-2.6.13-100.fc26
2017-09-09 23:57:10
[SECURITY] Fedora 25 Update: ruby-2.3.4-64.fc25
2017-09-16 03:24:34
f5
f5
gentoo
gentoo
RubyGems: Multiple vulnerabilities
2017-10-08 00:00:00
mageia
mageia
Updated ruby-RubyGems packages fix security vulnerabilities
2017-12-31 18:14:43
slackware
slackware
[slackware-security] ruby
2017-09-18 19:20:47
redhat
redhat
(RHSA-2017:3485) Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
2017-12-19 08:13:07
(RHSA-2018:0585) Important: rh-ruby23-ruby security, bug fix, and enhancement update
2018-03-26 09:13:23
(RHSA-2018:0378) Important: ruby security update
2018-02-28 16:24:33
amazon
amazon
Medium: ruby22, ruby23
2017-10-02 17:01:00
Medium: ruby24
2017-10-26 17:01:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ruby affect PowerKVM
2018-06-18 01:42:18
oraclelinux
oraclelinux
ruby security update
2018-02-28 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2018-03-10 11:53:01