Contents

---
gem: rubygems-update
library: rubygems
cve: 2017-0902
url: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
title: RubyGems DNS request hijacking vulnerability
date: 2017-08-29
description: |
  RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking
  vulnerability that allows a MITM attacker to force the RubyGems client to
  down load and install gems from a server that the attacker controls.
cvss_v2: 6.8
patched_versions:
  - ">= 2.4.5.3"
  - ">= 2.5.2.1"
  - ">= 2.6.13"

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/rubygems-update/CVE-2017-0902.yml