Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
RubyGems Deserialization of Untrusted Data Vulnerability - CVE-2017-0903 - Vulnerability Database
RubyGems

RubyGems Deserialization of Untrusted Data Vulnerability - CVE-2017-0903

Critical
Reference: CVE-2017-0903
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-0903
Title: RubyGems Deserialization of Untrusted Data Vulnerability
Overview:

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.