All 6 CVE vulnerabilities found in rubygems.org, with AI-generated Chinese analysis, references, and POCs.
Vendor: rubygems
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-35221 | Denial of service when publishing a package on rubygems.org | CWE-400 | 4.3 | Medium | 2024-05-29 |
| CVE-2024-21654 | rubygems.org MFA Bypass through password reset function could allow account takeover | CWE-287 | 4.8 | Medium | 2024-01-12 |
| CVE-2023-40165 | Unauthorized gem replacement for full names ending in numbers on rubygems.org | CWE-20 | 7.4 | High | 2023-08-17 |
| CVE-2022-36073 | RubyGems allows creation of users with arbitrary unverified emails | CWE-287 | 8.3 | High | 2022-09-07 |
| CVE-2022-29218 | Unauthorized takeover for new versions of some platform-specific gems | CWE-269 | 7.7 | High | 2022-05-12 |
| CVE-2022-29176 | Unauthorized gem takeover for some gems on rubygems.org | CWE-862 | 9.9 | Critical | 2022-05-05 |