Security Advisory

CVE-2017-0903

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-11 18:00:00

Last updated 2024-09-17 03:54:57

Assigner hackerone

State PUBLISHED

Description

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

← Browse all CVEs View on cve.org ↗