Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0901 — Path Traversal in Rubygems

CWE-22 — Path Traversal CWE-20 — Improper Input Validation CWE-138 — Improper Neutralization of Special Elements18 documents9 sources

Severity

7.5HIGHNVD

OSV9.1

EPSS

18.6%

top 4.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Rubygems Hackerone Rubygems Canonical Ubuntu Linux +7 more

Timeline

PublishedAug 31

Latest updateMay 13

Description

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶Debianrubygems/rubygems< 3.2.0~rc.1-1+3

▶NVDrubygems/rubygems2.6.12

▶CVEListV5hackerone/rubygemsVersions before 2.6.13

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: blog.rubygems.org ↗Patch: github.com ↗Patch: hackerone.com ↗

🔴Vulnerability Details

OSV

RubyGems may allow a maliciously crafted gem to overwrite files↗2022-05-13

▶

GHSA

RubyGems may allow a maliciously crafted gem to overwrite files↗2022-05-13

▶

OSV

ruby2.0 regression↗2021-03-25

▶

OSV

ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities↗2018-06-13

▶

OSV

ruby2.3 vulnerabilities↗2018-01-31

▶

💥Exploits & PoCs

Exploit-DB

RubyGems < 2.6.13 - Arbitrary File Overwrite↗2017-09-04

▶

📋Vendor Advisories

Ubuntu

Ruby regression↗2021-03-25

▶

Ubuntu

Ruby vulnerabilities↗2018-06-13

▶

Ubuntu

Ruby vulnerabilities↗2018-01-31

▶

Ubuntu

Ruby vulnerabilities↗2017-10-05

▶

Red Hat

rubygems: Arbitrary file overwrite due to incorrect validation of specification name↗2017-09-01

▶

💬Community

Bugzilla

CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 rubygems: various flaws [fedora-all]↗2017-09-01

▶

Bugzilla

CVE-2017-0901 rubygems: Arbitrary file overwrite due to incorrect validation of specification name↗2017-09-01

▶