The new RubyGems 2.7.6 release addresses several vulnerabilities in Ruby Gems and implements several security improvements. The updates prevent path traversal when writing to a symlinked basedir outside of the root and during gem installation. They also address a cross-site scripting (XSS) vulnerability in the homepage attribute when displayed via gem server and an Unsafe Object Deserialization issue in gem owner. To update to the latest RubyGem you can run:gem update –system update.”]
Source: https://securityaffairs.co/wordpress/69290/security/rubygems-2-7-6.html