Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2024:4499
HistoryJul 11, 2024 - 12:00 a.m.

Moderate: ruby security update

2024-07-1100:00:00
errata.almalinux.org
14
ruby
security fix
buffer overread
rce vulnerability
dos parsing
cve-2023-28755
cve-2024-27280
cve-2024-27281
cve-2024-27282
cve-2024-35176
object-oriented
scripting language
text files
system management.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • rubygem-uri: ReDoS vulnerability - upstream’s incomplete fix for CVE-2023-28755 (CVE-2023-36617)
  • ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)
  • ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)
  • ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)
  • REXML: DoS parsing an XML with many <s in an attribute value (CVE-2024-35176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8i686rubygem-bigdecimal< 1.3.4-112.module_el8.10.0+3871+342e2c2frubygem-bigdecimal-1.3.4-112.module_el8.10.0+3871+342e2c2f.i686.rpm
almalinux8noarchrubygem-net-telnet< 0.1.1-112.module_el8.10.0+3871+342e2c2frubygem-net-telnet-0.1.1-112.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8noarchrubygem-did_you_mean< 1.2.0-112.module_el8.10.0+3871+342e2c2frubygem-did_you_mean-1.2.0-112.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8noarchrubygem-bundler< 1.16.1-4.module_el8.10.0+3871+342e2c2frubygem-bundler-1.16.1-4.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8noarchrubygem-power_assert< 1.1.1-112.module_el8.10.0+3871+342e2c2frubygem-power_assert-1.1.1-112.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8noarchrubygem-abrt-doc< 0.3.0-4.module_el8.10.0+3871+342e2c2frubygem-abrt-doc-0.3.0-4.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8noarchrubygem-test-unit< 3.2.7-112.module_el8.10.0+3871+342e2c2frubygem-test-unit-3.2.7-112.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8i686ruby-libs< 2.5.9-112.module_el8.10.0+3871+342e2c2fruby-libs-2.5.9-112.module_el8.10.0+3871+342e2c2f.i686.rpm
almalinux8noarchrubygem-bundler-doc< 1.16.1-4.module_el8.10.0+3871+342e2c2frubygem-bundler-doc-1.16.1-4.module_el8.10.0+3871+342e2c2f.noarch.rpm
almalinux8noarchrubygem-bson-doc< 4.3.0-2.module_el8.5.0+2625+ec418553Packages/rubygem-bson-doc-4.3.0-2.module_el8.5.0+2625+ec418553.noarch.rpm
Rows per page:
1-10 of 731

Related

nessus 59
redhat 10
osv 33
rocky 7
oraclelinux 10
openvas 21
fedora 4
debian 2
slackware 1
almalinux 9
mageia 1
photon 1
ubuntu 2
cloudfoundry 2
nvd 2
redhatcve 2
ubuntucve 2
cvelist 3
rubygems 2
redos 1
debiancve 2
hackerone 2
cve 3
veracode 2
prion 1
github 2
cbl_mariner 6
cgr 2
wolfi 1
freebsd 1
vulnrichment 1
ibm 2
nessus
nessus
Rocky Linux 8 : ruby (RLSA-2024:4499)
2024-07-15 00:00:00
Oracle Linux 8 : ruby (ELSA-2024-4499)
2024-07-17 00:00:00
RHEL 8 : ruby (RHSA-2024:4499)
2024-07-11 00:00:00
redhat
redhat
(RHSA-2024:4499) Moderate: ruby security update
2024-07-11 11:24:57
(RHSA-2024:3546) Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-03 06:57:31
(RHSA-2024:3668) Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-06 08:23:56
osv
osv
Moderate: ruby security update
2024-07-15 12:17:49
Moderate: ruby security update
2024-07-11 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
rocky
rocky
ruby security update
2024-07-15 12:17:49
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 13:59:30
ruby:3.3 security, bug fix, and enhancement update
2024-06-14 13:59:30
oraclelinux
oraclelinux
ruby security update
2024-07-15 00:00:00
ruby:3.3 security, bug fix, and enhancement update
2024-06-07 00:00:00
ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-31cac8b8ec)
2024-05-27 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2024-48bdd3abbf)
2024-05-27 00:00:00
Fedora: Security Advisory (FEDORA-2024-14db7b21a2)
2024-05-27 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: ruby-3.2.4-182.fc39
2024-05-04 01:33:23
[SECURITY] Fedora 38 Update: ruby-3.2.4-182.fc38
2024-05-04 02:20:05
[SECURITY] Fedora 40 Update: ruby-3.3.1-7.fc40
2024-05-03 01:46:00
debian
debian
[SECURITY] [DSA 5677-1] ruby3.1 security update
2024-05-03 19:47:30
[SECURITY] [DLA 3858-1] ruby2.7 security update
2024-09-02 12:46:22
slackware
slackware
[slackware-security] ruby
2024-04-23 22:33:22
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-06 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2024-05-09 05:40:29
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0247
2024-04-16 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2024-06-17 00:00:00
Ruby vulnerabilities
2023-07-12 00:00:00
cloudfoundry
cloudfoundry
USN-6838-1: Ruby vulnerabilities | Cloud Foundry
2024-07-25 00:00:00
USN-6219-1: Ruby vulnerabilities | Cloud Foundry
2023-09-28 00:00:00
nvd
nvd
CVE-2023-36617
2023-06-29 13:15:09
CVE-2024-35176
2024-05-16 16:15:09
redhatcve
redhatcve
CVE-2023-36617
2023-07-13 11:36:22
CVE-2024-35176
2024-06-12 00:40:06
ubuntucve
ubuntucve
CVE-2023-36617
2023-06-29 00:00:00
CVE-2024-27281
2024-05-14 00:00:00
cvelist
cvelist
CVE-2023-36617
2023-06-29 00:00:00
CVE-2024-27282
1976-01-01 00:00:00
CVE-2024-35176 REXML contains a denial of service vulnerability
2024-05-16 15:13:25
rubygems
rubygems
ReDoS vulnerability in URI
2023-06-28 21:00:00
REXML contains a denial of service vulnerability
2024-05-15 21:00:00
redos
redos
ROS-20240826-12
2024-08-26 00:00:00
debiancve
debiancve
CVE-2023-36617
2023-06-29 13:15:09
CVE-2024-35176
2024-05-16 16:15:09
hackerone
hackerone
Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)
2023-07-17 05:09:41
Internet Bug Bounty: [CVE-2024-35176] DoS vulnerability in REXML
2024-08-07 20:47:47
cve
cve
CVE-2023-36617
2023-06-29 13:15:09
CVE-2024-35176
2024-05-16 16:15:09
CVE-2024-27280
2024-05-14 15:11:56
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-30 03:59:11
Denial Of Service (DoS)
2024-05-21 07:21:39
prion
prion
Design/Logic Flaw
2023-06-29 13:15:00
github
github
URI gem has ReDoS vulnerability
2023-06-29 15:30:34
REXML contains a denial of service vulnerability
2024-05-16 17:44:04
cbl_mariner
cbl_mariner
CVE-2024-35176 affecting package ruby for versions less than 3.3.3-1
2024-08-25 15:13:42
CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.7-1
2024-06-12 22:23:00
CVE-2023-36617 affecting package ruby for versions less than 3.1.4-2
2023-08-30 14:44:06
cgr
cgr
CVE-2024-35176 vulnerabilities
2024-05-19 03:07:16
CVE-2023-36617 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-35176 vulnerabilities
2024-09-18 21:11:55
freebsd
freebsd
ruby -- Arbitrary memory address read vulnerability with Regex search
2024-04-23 00:00:00
vulnrichment
vulnrichment
CVE-2024-35176 REXML contains a denial of service vulnerability
2024-05-16 15:13:25
ibm
ibm
Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176).
2024-08-01 17:31:34
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.6
2024-08-29 18:55:21

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON
Related for ALSA-2024:4499
nessus59redhat10osv33rocky7oraclelinux10openvas21fedora4debian2slackware1almalinux9mageia1photon1ubuntu2cloudfoundry2nvd2redhatcve2ubuntucve2cvelist3rubygems2redos1debiancve2hackerone2cve3veracode2prion1github2cbl_mariner6cgr2wolfi1freebsd1vulnrichment1ibm2