MGASA-2017-0482
Advisory lineage Upstream: 5 Downstream: 0
Published: 31 Dec 2017, 15:14
Last modified: 16 Apr 2026, 06:25
Vulnerability Summary
Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 31 Dec 2017, 15:14: Published (vulnerability first disclosed)
- 16 Apr 2026, 06:25: Last Modified (vulnerability information updated)
Description
Updated ruby-RubyGems packages fix security vulnerabilities:
- An ANSI escape sequence vulnerability (CVE-2017-0899).
- A DoS vulnerability in the query command (CVE-2017-0900).
- A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901).
- A DNS request hijacking vulnerability (CVE-2017-0902).
- An unsafe object deserialization vulnerability that allows an attacker to inject an instance of an object of their choosing in the target system. A clever attacker can inject an object that is able to interact with the system in such a way that will allow the attacker to execute arbitrary code (CVE-2017-0903).
Affected Systems
- mageia•ruby-RubyGems < 2.1.11-5.2.mga5
- mageia•ruby-RubyGems < 2.4.8-7.1.mga6