There are multiple vulnerabilities in the RubyGems bundled with Ruby. They are reported on the official RubyGems blog.
The following vulnerabilities have been reported.
Ruby users are strongly recommended to apply one of the following workarounds as soon as possible.
At this moment, no Ruby release includes the fix for RubyGems, but you can upgrade RubyGems to the latest version. RubyGems 2.6.13 or later includes the fix for the vulnerabilities.
gem update --system
If you can’t upgrade RubyGems, you can apply the following patches as a workaround.
For trunk, update to the latest revision.
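To check which installations still need one of the workarounds above, the following added example (not part of the original advisory or of RubyGems itself) classifies RubyGems version strings against the 2.6.13 threshold. The host names and inventory format are constructed for illustration; a version below 2.6.13 is reported as needing review rather than as vulnerable, because the installation may have been patched instead of upgraded.

```ruby
require "rubygems"

# First RubyGems release containing the fixes, per the advisory.
FIXED_RUBYGEMS = Gem::Version.new("2.6.13")

# Classify a RubyGems version string:
#   :fixed        - 2.6.13 or later
#   :needs_review - older; upgrade, or confirm the patches were applied
#   :unknown      - empty or not a parseable version
def rubygems_status(version_string)
  text = version_string.to_s.strip
  return :unknown if text.empty? || !Gem::Version.correct?(text)
  Gem::Version.new(text) >= FIXED_RUBYGEMS ? :fixed : :needs_review
end

# Audit "host version" lines, e.g. collected by running `gem --version`
# on each host. Comment lines (starting with #) and blank lines are skipped.
def audit_inventory(lines)
  lines.each_with_object({}) do |line, report|
    host, version = line.split(/\s+/, 2)
    next if host.nil? || host.start_with?("#")
    report[host] = rubygems_status(version)
  end
end

# Constructed sample inventory (hypothetical hosts, assumed format).
SAMPLE_INVENTORY = <<~EOS.lines
  # host  rubygems-version
  build01 2.6.13
  web01   2.6.12
  web02   2.5.1
  ci01    2.6.13.pre1
  db01    3.0.3
  old01   unknown
EOS

if __FILE__ == $PROGRAM_NAME
  puts "local RubyGems #{Gem::VERSION}: #{rubygems_status(Gem::VERSION)}"
  audit_inventory(SAMPLE_INVENTORY).each { |host, status| puts "#{host}: #{status}" }
end
```

A prerelease such as 2.6.13.pre1 sorts before 2.6.13, so it is reported as needing review.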
This report is based on the official blog of RubyGems.
Originally published at 2017-08-29 12:00:00 UTC