RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
The product does not properly verify that the source of data or communication is valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rubygems | Rubygems | * | 2.6.12 (including) |
| Red Hat Enterprise Linux 7 | RedHat | ruby-0:2.0.0.648-33.el7_4 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-ruby24-ruby-0:2.4.2-86.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-ruby22-ruby-0:2.2.9-19.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-ruby23-ruby-0:2.3.6-67.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-ruby24-ruby-0:2.4.2-86.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-ruby22-ruby-0:2.2.9-19.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-ruby23-ruby-0:2.3.6-67.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby24-ruby-0:2.4.2-86.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby22-ruby-0:2.2.9-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby23-ruby-0:2.3.6-67.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-ruby24-ruby-0:2.4.2-86.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-ruby22-ruby-0:2.2.9-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-ruby23-ruby-0:2.3.6-67.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-ruby24-ruby-0:2.4.2-86.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-ruby22-ruby-0:2.2.9-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-ruby23-ruby-0:2.3.6-67.el7 | * |
| Jruby | Ubuntu | artful | * |
| Jruby | Ubuntu | bionic | * |
| Jruby | Ubuntu | cosmic | * |
| Jruby | Ubuntu | disco | * |
| Jruby | Ubuntu | eoan | * |
| Jruby | Ubuntu | esm-apps/bionic | * |
| Jruby | Ubuntu | esm-apps/focal | * |
| Jruby | Ubuntu | esm-apps/xenial | * |
| Jruby | Ubuntu | focal | * |
| Jruby | Ubuntu | groovy | * |
| Jruby | Ubuntu | hirsute | * |
| Jruby | Ubuntu | impish | * |
| Jruby | Ubuntu | lunar | * |
| Jruby | Ubuntu | mantic | * |
| Jruby | Ubuntu | trusty | * |
| Jruby | Ubuntu | xenial | * |
| Jruby | Ubuntu | zesty | * |
| Ruby2.0 | Ubuntu | trusty | * |
| Ruby2.3 | Ubuntu | artful | * |
| Ruby2.3 | Ubuntu | xenial | * |
| Ruby2.3 | Ubuntu | zesty | * |