View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-1000073 severity moderate: SUSE including 301 source package names (2.17-17.3:libruby2_5-2_5-2.5.5-4.3.1, 2.17-17.3:ruby2.5-2.5.5-4.3.1, …), 1023 product×package rows across 255 product lines (Container bci/ruby, Container suse/rmt-server, … (255 product lines)): Fixed 842, Known Affected 157, Known Not Affected 24.
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.