Red Hat Bugzilla – Bug 1547425
CVE-2018-1000078 rubygems: XSS vulnerability in homepage attribute when displayed via gem server
Last modified: 2018-06-29 18:33:27 EDT
Cross-site scripting vulnerability in homepage attribute when displayed via gem server was found. Upstream fix: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb External References: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
Created rubygems tracking bugs for this issue: Affects: fedora-all [bug 1547431]
Statement: This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.