VYPR
Critical severity 9.8 · NVD Advisory · Published Oct 11, 2017 · Updated Jun 17, 2026

CVE-2017-0903

Description

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: rubygems-update (RubyGems)
Affected versions: >= 2.0.0, < 2.6.14
Patched versions: 2.6.14
