DEBIAN-CVE-2017-0903

DEBIAN-CVE-2017-0903 PUBLISHED CVSS 9.800000190734863 CRITICAL

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	rubygems	0, 0, 0
Debian:14	rubygems	0, 0, 0
Debian:13	rubygems	0, 0, 0
Debian:12	rubygems	0, 0, 0

Timeline

Oct 11, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-0903 advisory

Open in Interactive Console →