High severity · NVD Advisory · Published Jun 24, 2015 · Updated Jun 17, 2026

CVE-2015-3900

Description

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| rubygems-update (RubyGems) | >= 2.0.0, < 2.0.16 | 2.0.16 |
| rubygems-update (RubyGems) | >= 2.2.0, < 2.2.4 | 2.2.4 |
| rubygems-update (RubyGems) | >= 2.4.0, < 2.4.7 | 2.4.7 |

Affected products

54

References

17
