debian · CVE-2015-3900

Quick triage

Priority: unimportant 公開: Updated: Sun, 19 Jul 2026 12:01:35 GMT

参照: Official debian advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-3900 unimportant priority: Debian including 2 source packages (jruby, rubygems), 9 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 9.

Description:

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

cvelogic Threat Intelligence