Search results for keyword [RubyGems]: 15 records in total

| Disclosed | Bounty | Author | Title | Vendor | Vulnerability type |
|---|---|---|---|---|---|
| 2018-08-09 | $ | reed | Malware in `active-support` gem | RubyGems | Command Injection - Generic |
| 2018-08-03 | $1000.0 | plover | Gem signature forgery | RubyGems | Cryptographic Issues - Generic |
| 2018-03-22 | $ | nmalkin | Installer can modify other gems if gem name is specially crafted | RubyGems | Path Traversal |
| 2018-03-01 | $ | plover | Negative size in tar header causes infinite loop | RubyGems | Denial of Service |
| 2018-02-22 | $ | ysx | [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec | RubyGems | Cross-site Scripting (XSS) - Stored |
| 2017-11-09 | $1500.0 | max | Remote code execution on rubygems.org | RubyGems | Deserialization of Untrusted Data |
| 2017-08-31 | $ | mame | No limit of summary length allows Denial of Service | RubyGems | Denial of Service |
| 2017-08-31 | $1000.0 | mame | Installing a crafted gem package may create or overwrite files | RubyGems | Path Traversal |
| 2017-08-30 | $1000.0 | claudijd | Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier | RubyGems | Code Injection |
| 2017-08-30 | $500.0 | mame | Escape sequence injection in "summary" field | RubyGems | Command Injection - Generic |
| 2017-03-06 | $ | ahsan | Possible Subdomain Takeover at http://production.s3.rubygems.org/ pointing to Fastly | RubyGems | none |
| 2016-10-17 | $ | eterm | Login credentials transmitted in cleartext on index.rubygems.org | RubyGems | Violation of Secure Design Principles |
| 2016-10-17 | $ | ven0ms | Invalid username updating | RubyGems | none |
| 2016-10-04 | $ | c0rte | Password Reset emails missing TLS leads account takeover | RubyGems | Improper Authentication - Generic |
| 2015-05-14 | $1500.0 | claudijd | Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier | RubyGems | none |