RubyGem Vulnerabilities

  • Brandon Maxwell
  • August 31, 2017

Multiple vulnerabilities were recently identified in RubyGems as bundled with Ruby. The security fixes introduced in RubyGems 2.6.13 include patches for a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that could allow a malicious gem to overwrite arbitrary files.

Users are encouraged to update as soon as possible. We recommend using Ruby 2.4.1, which includes the patches from RubyGems 2.6.13.