CVE-2018-1000077

Name of the Vulnerable Software and Affected Versions RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422

Description The issue is related to improper input validation in the RubyGems specification homepage attribute, which can result in a malicious gem setting an invalid homepage URL. This can lead to incorrect URL formation due to the improper handling of HTTP/FTP request parameters. Exploitation of this issue may allow a remote attacker to compromise data integrity.

Recommendations For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version later than 2.7.6.