- A DNS request hijacking vulnerability
- An ANSI escape sequence vulnerability
- A DoS vulnerability in the query command
- A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files

The following versions are affected:

- Ruby 2.2.7 and earlier
- Ruby 2.3.4 and earlier
- Ruby 2.4.1 and earlier

At this time, there are no Ruby releases with the fix for RubyGems. It is strongly recommended to apply one of the following workarounds:

- Upgrade RubyGems to the latest version (2.6.13) by executing:

      $ gem update --system

- Apply the patch for your version:
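
To see which hosts still need one of these workarounds, the version lists above can be turned into a triage check. The Ruby script below is an added example, not part of the original advisory; the inventory lines and status names are constructed, and it assumes any RubyGems release from 2.6.13 onward carries the fix.

```ruby
require "rubygems"

# Last affected Ruby release per branch, as listed in the advisory.
LAST_AFFECTED_RUBY = {
  "2.2" => Gem::Version.new("2.2.7"),
  "2.3" => Gem::Version.new("2.3.4"),
  "2.4" => Gem::Version.new("2.4.1"),
}.freeze

# RubyGems version the advisory says to upgrade to (assumed to be the fix floor).
FIXED_RUBYGEMS = Gem::Version.new("2.6.13")

# Returns :ok, :needs_workaround or :review (status names are constructed).
# A host fixed by applying the patch may still report an older RubyGems
# version, so it can show up as :needs_workaround; verify those by hand.
def advisory_status(ruby_version, rubygems_version)
  return :ok if Gem::Version.new(rubygems_version) >= FIXED_RUBYGEMS

  ruby = Gem::Version.new(ruby_version)
  branch = ruby.segments.first(2).join(".")
  last_affected = LAST_AFFECTED_RUBY[branch]
  # Old RubyGems on a Ruby the advisory does not list: no verdict, flag it.
  return :review if last_affected.nil? || ruby > last_affected

  :needs_workaround
end

# Constructed inventory: "<host> <ruby version> <rubygems version>" per line.
INVENTORY = <<~EOS
  web-01    2.3.4  2.5.2.1
  web-02    2.4.1  2.6.13
  build-01  2.2.7  2.4.5.2
  legacy-01 2.1.10 2.2.5
  dev-01    2.4.2  2.6.12
EOS

# Maps each host in the inventory text to its advisory status.
def triage(inventory)
  rows = inventory.each_line.map(&:split).reject(&:empty?)
  rows.map { |host, ruby, gems| [host, advisory_status(ruby, gems)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  triage(INVENTORY).each { |host, status| puts "#{host}: #{status}" }
  puts "this host: #{advisory_status(RUBY_VERSION, Gem::VERSION)}"
end
```
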

You can find more info about this issue in the links below:

- RubyGems project
- Hacker News

If you have further questions about Ruby or this security issue, please post to our community forums and we will be happy to help you.