CVE-2017-0900

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-0900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-0900
Aliases
Downstream
Related
Published
2017-08-31T20:29:00Z
Modified
2025-10-10T00:52:46.980420Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command.

References

Affected packages

Git / github.com/rubygems/rubygems

Affected ranges

Type
GIT
Repo
https://github.com/rubygems/rubygems
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251

Affected versions

v1.*

v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2

v2.*

v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.10
v2.6.11
v2.6.12
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9