View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2015-3900 severity moderate: SUSE including 39 source package names (4.0.0:libruby2_1-2_1-2.1.9-15.1, 4.0.0:ruby2.1-2.1.9-15.1, …), 306 product×package rows across 83 product lines (Container caasp/v4/velum, HPE Helion OpenStack 8, … (83 product lines)): Known Not Affected 180, Fixed 126.
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."