cpe:/a:rubygems:rubygems:2.6.12 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.4 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:7.0 CVE-2017-0900 2017-08-31T16:29:00.510-04:00 2019-05-13T10:31:40.837-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2019-05-02T13:55:33.390-04:00 BID 100579 SECTRACK 1039249 DEBIAN DSA-3966 GENTOO GLSA-201710-01 REDHAT RHSA-2017:3485 REDHAT RHSA-2018:0378 REDHAT RHSA-2018:0583 REDHAT RHSA-2018:0585 MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update MISC http://blog.rubygems.org/2017/08/27/2.6.13-released.html MISC https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 MISC https://hackerone.com/reports/243003 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.