SEVERITY
CVSS v3.x: 9.8 (Critical)
CVSS v2.0: 7.5 (High)
UNAFFECTED VERSIONS
- < 2.0.0
PATCHED VERSIONS
- >= 2.6.14
DESCRIPTION
There is a possible unsafe object deserialization vulnerability in RubyGems. YAML deserialization of gem specifications can bypass the class whitelist that is meant to restrict which objects a gemspec may instantiate. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
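As an added example (not part of the advisory and not RubyGems' own code), the Ruby below shows the two controls the description implies: loading gemspec YAML only through an explicit class allow-list, and re-checking the loaded object graph afterwards so that a loader-level whitelist bypass still cannot hand back an object of an unexpected class. It also checks a RubyGems version against the advisory's affected range. The allow-list, the `Unexpected` class and both sample documents are constructed for this example.

```ruby
require 'yaml'
require 'date'

# Affected range from the advisory: from 2.0.0 up to, not including, 2.6.14.
AFFECTED = Gem::Requirement.new(">= 2.0.0", "< 2.6.14")
def affected_rubygems?(version = Gem::VERSION)
  AFFECTED.satisfied_by?(Gem::Version.new(version))
end

# Allow-list for this example (constructed; RubyGems keeps its own list).
PERMITTED = [Gem::Specification, Gem::Version, Gem::Requirement,
             Gem::Dependency, Gem::Platform, Symbol, Time, Date].freeze
SCALARS = [String, Integer, Float, TrueClass, FalseClass, NilClass,
           Hash, Array].freeze
# Stand-in for a class no gemspec should ever instantiate (constructed).
class Unexpected; end

# Constructed gemspec-like documents: one clean, one tagged with a class
# outside the allow-list.
CLEAN_SPEC = <<~YAML
  --- !ruby/object:Gem::Specification
  name: example
  platform: ruby
  version: !ruby/object:Gem::Version
    version: 1.0.0
YAML
TAINTED_SPEC = CLEAN_SPEC + "metadata: !ruby/object:Unexpected {}\n"

# Psych refuses any tag outside permitted_classes before instantiating it.
def load_spec(yaml)
  YAML.safe_load(yaml, permitted_classes: PERMITTED, aliases: false)
end

# Defence in depth: walk the loaded graph and confirm every node is either a
# permitted class or a plain scalar/collection, independent of the loader.
def only_permitted?(obj, seen = {}.compare_by_identity)
  return true if seen[obj]
  seen[obj] = true
  return false unless (PERMITTED + SCALARS).any? { |k| obj.is_a?(k) }
  children = case obj
             when Hash  then obj.keys + obj.values
             when Array then obj
             else obj.instance_variables.map { |iv| obj.instance_variable_get(iv) }
             end
  children.all? { |c| only_permitted?(c, seen) }
end

def safe_spec?(yaml)
  spec = load_spec(yaml)
  spec.is_a?(Gem::Specification) && only_permitted?(spec)
rescue Psych::DisallowedClass
  false
end
```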