Ruby · Rubygems · CVE-2017-0901
**Name of the Vulnerable Software and Affected Versions**
RubyGems versions 2.6.12 and earlier
**Description**
The vulnerability is caused by insufficient input validation in the package manager. A remote attacker may be able to overwrite any file on the filesystem by means of a maliciously crafted gem.
**Recommendations**
If you run RubyGems 2.6.12 or earlier, consider updating to a version that fixes the specification name validation issue, which prevents the potential file overwrites.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
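The following Ruby check is an added example, not code from RubyGems or from this advisory. It flags an affected RubyGems version and audits specification names before they are trusted. The allowlist pattern, the `<name>-<version>.gemspec` file layout, and the helper names are assumptions made for illustration.

```ruby
require "rubygems"

# Highest affected release, as stated in the advisory above.
LAST_AFFECTED = Gem::Version.new("2.6.12")

# Assumption: a conservative allowlist for specification names
# (letters, digits, dot, hyphen, underscore). Not RubyGems' own pattern.
SAFE_NAME = /\A[A-Za-z0-9._-]+\z/

# True when the given RubyGems version is in the affected range.
def affected_rubygems?(version)
  Gem::Version.new(version) <= LAST_AFFECTED
end

# True when the file name derived from the spec name resolves to a path
# directly inside spec_dir (assumed layout: <name>-<version>.gemspec).
def spec_path_contained?(spec_dir, name, version)
  base   = File.expand_path(spec_dir)
  target = File.expand_path("#{name}-#{version}.gemspec", base)
  File.dirname(target) == base
end

# Returns a list of problems found for one specification; empty means clean.
def audit_spec(spec_dir, name, version)
  problems = []
  unless SAFE_NAME.match?(name)
    problems << "name has characters outside the allowlist"
  end
  unless spec_path_contained?(spec_dir, name, version)
    problems << "derived spec path leaves #{spec_dir}"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  puts "RubyGems #{Gem::VERSION} affected: #{affected_rubygems?(Gem::VERSION)}"

  # Constructed sample names and versions, not taken from any real gem.
  samples = [["rake", "12.0.0"], ["../../etc/example", "1.0"], ["bad name", "1.0"]]
  samples.each do |name, version|
    problems = audit_spec("/tmp/specs", name, version)
    status = problems.empty? ? "ok" : problems.join("; ")
    puts "#{name.inspect} #{version}: #{status}"
  end
end
```

Run it under the Ruby installation you want to assess; the first line of output reports whether that installation's RubyGems falls in the affected range.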