---
gem: rubygems-update
library: rubygems
cve: 2017-0900
url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
title: RubyGems DoS vulnerability in the query command
date: 2017-08-29
description: |
  RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem
  specifications to cause a denial of service attack against RubyGems clients
  who have issued a `query` command.
cvss_v2: 5.0
patched_versions:
  - ">= 2.4.5.3"
  - ">= 2.5.2.1"
  - ">= 2.6.13"