RubyGems/bundler — 5 CVEs

CRITICAL9.8CVE-2016-7954Bundler allows attacker to inject arbitrary code via secondary Gem source

>= 1.0.0, < 2.0.0

HIGH8.8CVE-2020-36327Dependency Confusion in Bundler

>= 1.16.0, < 2.2.10

HIGH7.0CVE-2019-3881Insecure path handling in Bundler

>= 1.14.0, < 2.1.0

MEDIUM6.7rubygems - security update

from 0, < 2.2.33

—Bundler may install gems from a different source than expected

from 0, < 1.7.0

pkg:RubyGems/bundler