suse · CVE-2017-0903

Quick triage

Priority: medium Published: 2021-05-30 13:50:03 UTC Updated: 2026-04-18 15:49:25 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-0903 severity moderate: SUSE including 21 source package names (libruby2_1-2_1-2.1.9-19.3.2, ruby-2.0.0.648-33.el7_4, …), 144 product×package rows across 46 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-BYOS, … (46 product lines)): Fixed 140, Known Not Affected 4.

Description:

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

cvelogic Threat Intelligence