Forum Discussion
Ruby Gem Enumeration Detection Updates
Summary
Tenable has updated the Ruby gem enumeration plugins to reduce false positives and to better identify vulnerabilities when multiple packages are present on the scan target.
Change
Before this update, the Ruby gem enumeration plugins did not attempt to associate a detected gem with an RPM or DEB package managed by the Linux distribution. A gem shipped by the distribution could therefore be reported twice: once against the distribution vendor’s advisory and again against a CVE advisory from the Ruby gem maintainer. Gems that are symbolically linked across the filesystem could also be detected multiple times, once per path.
After this update, these issues have been addressed. A vulnerable Ruby gem on a Linux asset is checked against the distribution’s package manager; if it is owned by an RPM or DEB package it is marked “Managed” and no gem-level vulnerability is reported, so the finding is no longer duplicated alongside the distribution advisory. The only exception is when the scan’s Override normal accuracy setting is set to Show potential false alarms, in which case managed gems are still reported. Symbolically linked gems are followed to their source file, so duplicate detections are eliminated.
The gem enumeration plugins will no longer report the list of detected gems in plugin output; rather, they will use only internal storage mechanisms to record the detected gems, so that Ruby vulnerability plugins can continue to use that data for version checks.
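To make the two behaviours above concrete, the following Ruby script is an added illustration written for this page; it is not Tenable’s plugin code and does not reproduce the plugins’ internal storage. It enumerates gems, collapses symlinked copies onto their real directory, asks the distribution package manager who owns each directory (assumed to be `dpkg -S` or `rpm -qf`, both of which exit non-zero for an unowned path), and then applies the reporting rule: managed gems are dropped unless the show-potential-false-alarms override is on. The `sample_run` fixture is constructed for this example and stubs the ownership lookup so it runs without a package manager.

```ruby
require 'rubygems'
require 'open3'
require 'fileutils'
require 'tmpdir'

# One detected gem. managed_by holds the owning distro package, or nil when the
# gem was installed outside the package manager (for example via `gem install`).
GemHit = Struct.new(:name, :version, :path, :managed_by, keyword_init: true)

# Enumerate gems known to the local RubyGems installation (live data; the
# self-test below uses a constructed fixture instead).
def enumerate_installed_gems
  Gem::Specification.map do |spec|
    GemHit.new(name: spec.name, version: spec.version.to_s, path: spec.gem_dir, managed_by: nil)
  end
end

# Collapse gems reached through symlinks onto their canonical directory, so a
# gem linked from several locations is counted once. File.realpath follows
# every link component and raises if the target does not exist.
def dedupe_by_realpath(hits)
  hits.group_by { |h| File.realpath(h.path) }.map do |real, group|
    GemHit.new(**group.first.to_h.merge(path: real))
  end
end

# Ask the distribution package manager which package owns a path (assumption:
# dpkg or rpm is on PATH). dpkg -S prints "pkg: /path" (or "pkg1, pkg2: /path");
# rpm -qf prints the package NEVRA. Both exit non-zero when nothing owns the path.
def distro_owner(path)
  if system('dpkg', '--version', out: File::NULL, err: File::NULL)
    out, status = Open3.capture2e('dpkg', '-S', path)
    return out.split(':', 2).first.strip if status.success?
  elsif system('rpm', '--version', out: File::NULL, err: File::NULL)
    out, status = Open3.capture2e('rpm', '-qf', path)
    return out.strip if status.success?
  end
  nil
end

# Dedupe, then tag each gem with its owning package. owner_lookup is injectable
# so the logic can be exercised without a package manager.
def classify(hits, owner_lookup: method(:distro_owner))
  dedupe_by_realpath(hits).map do |h|
    GemHit.new(**h.to_h.merge(managed_by: owner_lookup.call(h.path)))
  end
end

# Reporting rule: managed gems are suppressed unless the scan asks to show
# potential false alarms, in which case everything is reported.
def reportable(hits, show_potential_false_alarms: false)
  return hits if show_potential_false_alarms
  hits.reject(&:managed_by)
end

# Constructed fixture: one gem directory reached twice (directly and through a
# symlink) plus one unmanaged gem; the ownership lookup is a stub for dpkg/rpm.
def sample_run
  Dir.mktmpdir do |root|
    rack = File.join(root, 'gems', 'rack-2.2.3')
    nokogiri = File.join(root, 'gems', 'nokogiri-1.13.0')
    link = File.join(root, 'vendor', 'rack')
    FileUtils.mkdir_p([rack, nokogiri, File.dirname(link)])
    File.symlink(rack, link)

    hits = [
      GemHit.new(name: 'rack', version: '2.2.3', path: rack, managed_by: nil),
      GemHit.new(name: 'rack', version: '2.2.3', path: link, managed_by: nil),
      GemHit.new(name: 'nokogiri', version: '1.13.0', path: nokogiri, managed_by: nil)
    ]
    stub = ->(p) { p.end_with?('rack-2.2.3') ? 'ruby-rack' : nil }

    classified = classify(hits, owner_lookup: stub)
    {
      raw: hits.size,
      deduped: classified.size,
      managed: classified.select(&:managed_by).map(&:name),
      reported: reportable(classified).map(&:name),
      reported_with_override: reportable(classified, show_potential_false_alarms: true).map(&:name)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  sample_run.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

Running the fixture shows the three raw hits collapsing to two after realpath resolution, `rack` tagged as managed by the stubbed `ruby-rack` package and therefore absent from the default report, and both gems returning once the override is enabled. On a real host, replace the stub with `distro_owner` and feed `enumerate_installed_gems` into `classify`; note that `rpm -qf` records the path as packaged, so resolving symlinks before the query (as `dedupe_by_realpath` does) is what makes the ownership check land on the right file.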
Impact
Most customers will notice a reduction in the volume of Ruby gem vulnerabilities reported.
Detection plugins
240646 - Ruby Gem Modules Installed (macOS)
207584 - Ruby Gem Modules Installed (Linux)
207585 - Ruby Gem Modules Installed (Windows)
Target Release Date
March 2, 2026