What the vulnerability does

01 Description

RubyGems versions 2.6.12 and earlier fail to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

Key dates

02 Disclosure timeline

August 31, 2017: CVE published
September 16, 2024: Record updated