First published: Wed Feb 21 2018(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rubygems Rubygems | <=2.2.9 | |
Rubygems Rubygems | <=2.3.6 | |
Rubygems Rubygems | <=2.4.3 | |
Rubygems Rubygems | <=2.5.0 | |
Debian Debian Linux | =7.0 | |
redhat/rubygems | <2.7.6 | 2.7.6 |
debian/jruby | 9.3.9.0+ds-8 9.4.8.0+ds-1 | |
debian/rubygems | 3.2.5-2 3.3.15-2 3.4.20-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1000077 is an Improper Input Validation vulnerability in RubyGems.
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier are affected by CVE-2018-1000077.
CVE-2018-1000077 has a severity level of medium.
To fix CVE-2018-1000077, update RubyGems to the latest version available.
You can find more information about CVE-2018-1000077 at the following links: [CVE-2018-1000077 on RubyGems Blog](http://blog.rubygems.org/2018/02/15/2.7.6-released.html), [CVE-2018-1000077 on GitHub](https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964), [CVE-2018-1000077 on Debian LTS](https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html).