Ruby announced some CVEs recently for certain RubyGems versions. It doesn’t appear that the docker containers have been updated yet:
$ docker pull circleci/ruby:2.6.1 2.6.1: Pulling from circleci/ruby Digest: sha256:6e7c310c2aafcb504adde04ce9202d52da8da0bfdb40cceed3204094851d4ab1 Status: Image is up to date for circleci/ruby:2.6.1 ~/Workbench $ docker run -it --rm circleci/ruby:2.6.1 gem -v 3.0.1
Would expect 3.0.3 to be the output above, in order to fix you would need to run
gem update --system.
This also applies to Ruby 2.4 and 2.5.
Let me know if I can be of assistance in anyway.