rubygems-update is vulnerable to Improper Input Validation
58
Medium Risk
rubygems' gem installer was vulnerable to malicious executable/bin names being embedded into generated Ruby wrapper code, enabling Ruby code injection (leading to RCE) and also to bindir/executable path manipulation via insufficient validation. The patch escapes embedded filename characters and adds strict validation that bindir stays within the gem directory and executables are safe basenames. Bundler also includes a fix for cooldown filtering that could break dependency resolution (DoS), plus improved terminal/control-character sanitization.
You are affected if you are using a version that falls within the vulnerable range.
rubygems-update is vulnerable to Improper Input Validation in versions 2.2.0 - 4.0.13.
Upgrade the rubygems-update library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant