CVE-2018-1000073

Affected products (CPE):
cpe:/a:rubygems:rubygems:2.2.9
cpe:/a:rubygems:rubygems:2.3.6
cpe:/a:rubygems:rubygems:2.4.3
cpe:/a:rubygems:rubygems:2.5.0

Published: 2018-03-13T11:29:00.427-04:00
Last modified: 2018-11-30T06:29:03.097-05:00

CVSS: 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov

References:
DEBIAN DSA-4219
DEBIAN DSA-4259
REDHAT RHSA-2018:3729
REDHAT RHSA-2018:3730
REDHAT RHSA-2018:3731
REDHAT RHSA-2019:2028
UBUNTU USN-3621-1
MLIST [debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update
MISC http://blog.rubygems.org/2018/02/15/2.7.6-released.html
MISC https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
SUSE openSUSE-SU-2019:1771

Description:
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.