Ruby · Rubygems · CVE-2013-4287
**Name of the Vulnerable Software and Affected Versions**
RubyGems versions 1.8.24 through 1.8.25
RubyGems versions 2.0.x through 2.0.7
RubyGems versions 2.1.x through 2.1.0
RubyGems version 1.8.23 and earlier
**Description**
A crafted gem version string causes catastrophic backtracking in the regular expression built from `Gem::Version::VERSION_PATTERN` in `lib/rubygems/version.rb`. The anchored form of that pattern repeats the whole version with `*`, so a long run of digits followed by a character the pattern cannot consume is re-partitioned between repetitions an exponential number of ways before the match finally fails. Any code path that hands attacker-controlled version strings to `Gem::Version` (for example, a gem server validating uploaded gemspecs) can therefore be driven to sustained CPU consumption by a remote attacker, i.e. a denial of service.
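A worked illustration of the backtracking behaviour, added here as an example and not taken from RubyGems' own source. The two regular expressions reproduce the shape of the anchored pattern before and after the fix as I recall it from the fix commit (the `*` around the whole version became `?`); verify them against `lib/rubygems/version.rb` in your installation. The `crafted_version`, `well_formed?`, `parse_untrusted_version` and `match_seconds` helpers, the constructed inputs and the 64-byte cap are assumptions made for this example.

```ruby
# Added example: shape of the pre-fix Gem::Version anchored pattern beside the
# fixed one, an attacker-style input, and a defensive wrapper for code that
# must parse untrusted version strings. Not RubyGems' own code.
require 'benchmark'

# Version body: digits, then dot-separated alphanumeric segments.
# The same core pattern is used by the vulnerable and the fixed releases.
VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*'.freeze

# Pre-fix shape (reconstructed, see lead-in): the whole version is repeated
# with `*`, so n digits can be split between repetitions in 2^(n-1) ways and a
# trailing byte that cannot match makes the engine try every split.
VULNERABLE_ANCHORED = /\A\s*(#{VERSION_PATTERN})*\s*\z/

# Fixed shape: `?` allows at most one version, so there is nothing to
# redistribute when the match fails.
FIXED_ANCHORED = /\A\s*(#{VERSION_PATTERN})?\s*\z/

# Constructed attacker input: n digits followed by a byte the pattern cannot
# consume, which forces the failing (and therefore backtracking) path.
def crafted_version(n)
  "#{'1' * n}!"
end

# True if +str+ is a well-formed version under +pattern+. Both patterns
# accept the same language; they differ only in how long rejection takes.
def well_formed?(str, pattern)
  pattern.match?(str)
end

# Assumed cap for this example; real gem versions are far shorter than this.
MAX_VERSION_LENGTH = 64

# Defensive parse for untrusted input: bound the length *before* the regexp
# runs (backtracking cost grows with input size), then use the fixed pattern.
# Returns the stripped version string, or nil if the input is rejected.
def parse_untrusted_version(str, max_len: MAX_VERSION_LENGTH)
  return nil unless str.is_a?(String)
  return nil if str.bytesize > max_len
  return nil unless FIXED_ANCHORED.match?(str)
  str.strip
end

# Wall-clock seconds for one match attempt; for display only.
def match_seconds(pattern, str)
  Benchmark.realtime { pattern.match?(str) }
end

if $PROGRAM_NAME == __FILE__
  # On Ruby before 3.2 the "vulnerable" column roughly doubles per added digit.
  # Ruby 3.2+ memoizes regexp matching and blunts this at the interpreter level.
  [8, 12, 16].each do |n|
    s = crafted_version(n)
    printf("n=%2d  vulnerable=%.4fs  fixed=%.4fs\n",
           n, match_seconds(VULNERABLE_ANCHORED, s), match_seconds(FIXED_ANCHORED, s))
  end
  p parse_untrusted_version(' 1.8.26 ')      # "1.8.26"
  p parse_untrusted_version(crafted_version(8)) # nil
end
```

Run it as a script to see the timing table. The length cap in `parse_untrusted_version` is the mitigation that does not depend on interpreter version: Ruby 3.2 added regexp memoization and a global `Regexp.timeout`, which keep the vulnerable pattern fast on those interpreters, but an application cannot assume its users run one.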
**Recommendations**
For RubyGems versions 1.8.24 through 1.8.25, update to version 1.8.26 or later.
For RubyGems versions 2.0.x through 2.0.7, update to version 2.0.8 or later.
For RubyGems versions 2.1.x through 2.1.0, update to version 2.1.1 or later.
For RubyGems version 1.8.23 and earlier, update to version 1.8.23.1 or later.
Fixed releases exist for every affected line, so there is no reason to keep running an affected RubyGems: upgrade with `gem update --system`. Ruby installations that bundle an affected RubyGems (the NVD entry lists Ruby 1.9.0 through 2.0.0-p247) are updated the same way. If an upgrade must be delayed, do not pass untrusted version strings (for example, from uploaded gemspecs) to `Gem::Version` without first capping their length, since the backtracking cost grows exponentially with the length of the input. Note that this first fix was later found to be incomplete (CVE-2013-4363), so prefer the latest release in the relevant line over the minimum versions listed above.