VDB

ALPINE-CVE-2017-0902

ALPINE-CVE-2017-0902 PUBLISHED CVSS 8.100000381469727 HIGH

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

Risk Scores

CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.16ruby0, 2.4.1-r5, 2.4.1-r4
Alpine:v3.21ruby0, 0, 0
Alpine:v3.18ruby0, 1.8.7_p160-r2, 1.8.7_p174-r1
Alpine:v3.14ruby0, 1.8.7_p160-r2, 1.8.7_p174-r0
Alpine:v3.10ruby0, 0, 2.4.1-r5
Alpine:v3.9ruby2.3.3-r0, 0, 2.4.1-r5
Alpine:v3.6ruby1.8.7_p160-r2, 0, 2.4.1-r3
Alpine:v3.13ruby2.0.0_p481-r0, 0, 1.8.7_p160-r2
Alpine:v3.4ruby0, 1.9.3_p286-r1, 1.9.3_p194-r0
Alpine:v3.3ruby1.8.7, *, 2.0.0_p353-r0
Alpine:v3.7ruby*, 2.3.2-r0, *
Alpine:v3.8ruby2.3.1-r2, 0, 2.4.1-r5
Alpine:v3.11ruby1.8.7_p352-r0, 0, 2.4.1-r5
Alpine:v3.17ruby1.9.3_p194-r0, 2.3.1-r1, 2.3.1-r2
Alpine:v3.5ruby1.8.7_p160-r3, 0, 1.8.7_p160-r2
Alpine:v3.15ruby2.2.4-r0, 2.3.1-r1, 2.3.1-r2
Alpine:v3.22ruby0, 0, 0
Alpine:v3.24ruby0
Alpine:v3.20ruby0, 0, 0
Alpine:v3.12ruby2.4.0-r3, 0, 2.4.1-r5

…and 2 more

Timeline

  • Aug 31, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›