Description

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

Remediation

References

CVE-2017-0900

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2006-1498)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4053)

WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.20.2)

WordPress Plugin WP Events Calendar 'event_id' Parameter SQL Injection (6.5.2)

WordPress Plugin MailChimp List Subscribe Form Multiple Unspecified Vulnerabilities (1.1)

Severity

High

Classification

CVE-2017-0900 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities