VDB
CVE-2015-4020
CVE-2015-4020
PUBLISHED
EPSS 0.52% · 67.3th percentile
Risk Scores
EPSS Score
0.52%
67.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | ruby21 | |
| Amazon | ruby20 | |
| Amazon | ruby22 |
Exploit Intelligence
- Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier (hackerone)
- Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier (hackerone)
- Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier (hackerone)
- http://blog.rubygems.org/2015/06/08/2.2.5-released.html (circl)
- https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/ (circl)
- 75431 (circl)
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478 (circl)
- http://blog.rubygems.org/2015/06/08/2.4.8-released.html (circl)
- https://github.com/rubygems/rubygems/commit/5c7bfb5 (circl)
- https://puppet.com/security/cve/CVE-2015-3900 (circl)
…and 1 more exploits
Timeline
- CVE Published
- Aug 30, 2017 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- ALAS-2015-547: ruby20 (medium) advisory
- ALAS-2015-548: ruby21 (medium) advisory
- ALAS-2015-549: ruby22 (medium) advisory