CVE-2017-0903 - AskarLabs CVE Database

CVE-2017-0903

Vendor Hackerone

Product RubyGems

Weakness CWE-502 · Unsafe deserialization

Published October 11, 2017

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

Key dates

02Disclosure timeline

October 11, 2017 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-0903

Related vulnerabilities

04Related CVE

CVE-2026-25030 WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability CVE-2023-35388 Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2026-33858 Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API CVE-2026-45659 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2024-32600 WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability