Ruby is vulnerable to directory traversal vulnerability. This occurs during the gem installation which allows attacker to write arbitrary filesystem locations.
blog.rubygems.org/2018/02/15/2.7.6-released.html
access.redhat.com/errata/RHSA-2018:3729
access.redhat.com/errata/RHSA-2018:3730
access.redhat.com/errata/RHSA-2018:3731
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1650591
github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759
lists.debian.org/debian-lts-announce/2018/07/msg00012.html
usn.ubuntu.com/3621-1/
www.debian.org/security/2018/dsa-4219
www.debian.org/security/2018/dsa-4259