Nmalkin

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to improper input validation in the RubyGems specification homepage attribute, which can result in a malicious gem setting an invalid homepage URL. This can lead to incorrect URL formation due to the improper handling of HTTP/FTP request parameters. Exploitation of this issue may allow a remote attacker to compromise data integrity. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version later than 2.7.6.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions prior to 2.7.6 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability in the gem server display of the homepage attribute. This vulnerability can be exploited when a victim browses to a malicious gem on a vulnerable gem server, potentially allowing a remote attacker to cause a denial of service. The vulnerability is related to the `homepage` attribute. **Recommendations** For versions prior to 2.7.6, update to version 2.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the gem server to minimize the risk of exploitation. Avoid browsing to untrusted gems on vulnerable gem servers until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to an Improper Verification of Cryptographic Signature vulnerability in package.rb, which can result in a mis-signed gem being installed. This occurs because the tarball would contain multiple gem signatures. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version newer than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version newer than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version newer than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version newer than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version newer than 2.7.6.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to a Directory Traversal vulnerability in the `install location` function of `package.rb`. This vulnerability can result in path traversal when writing to a symlinked basedir outside of the root. The vulnerability exists due to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to access arbitrary files. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a revision later than 62422 or to a version later than 2.7.6. As a temporary workaround, consider restricting access to the `install location` function of `package.rb` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to the deserialization of untrusted data in the owner command of the RubyGems package management system. This can be exploited by an attacker to execute arbitrary code using a specially crafted YAML file. The attack requires the victim to run the `gem owner` command on a gem with the malicious YAML file. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version later than 2.7.6. As a temporary workaround, consider avoiding the use of the `gem owner` command on untrusted gems until the issue is resolved.