gollum (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package gollum, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2014-9489 — CVSS 8.8 (high): The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the…
CVE-2020-35305 — CVSS 6.1 (medium): Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
CVE-2015-7314 — CVSS 4.3 (medium): The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain…