Multiple vulnerabilities were recently identified in RubyGems bundled by Ruby. Security fixes introduced into RubyGems
2.6.13 include patches for a DNS request highjacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that could allow a malicious gem to overwrite arbitrary files.
Users are encouraged to update as soon as possible. We recommend using Ruby
2.4.1, which has the patches from RubyGems