14141 matches found

Tenable Nessus | added 2025/08/04 12:0 a.m. | 3 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1131)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1131 advisory. The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00268
Exploits: 0 | References: 4
Tenable Nessus | added 2025/08/04 12:0 a.m. | 2 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1115)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1115 advisory. Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is...

CVSS 6.5 | AI score 7.1 | EPSS 0.00257
Exploits: 0 | References: 4
RedhatCVE | added 2025/08/02 8:23 p.m. | 2 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 6 | EPSS 0.00581
Exploits: 0 | References: 1
OSV | added 2025/08/01 1:2 p.m. | 2 views

OESA-2025-1930 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, much like Perl. Security Fixes: WEBrick is an open source HTTP server toolkit for the Ruby programming language. WEBrick has an...

CVSS 6.5 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 2
RedHat Linux | added 2025/08/01 3:23 a.m. | 2 views

rexml: REXML ReDoS vulnerability

A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7 | AI score 7.3 | EPSS 0.01645
Exploits: 0 | References: 7
OSSF Malicious Packages | added 2025/07/31 7:17 p.m. | 6 views

Malicious code in webpack-dev-server (RubyGems)

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages | added 2025/07/31 7:17 p.m. | 4 views

Malicious code in maventa_utils (RubyGems)

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages | added 2025/07/31 3:18 p.m. | 4 views

Malicious code in icaret (RubyGems)

Source: ossf-package-analysis b2390fae7771a778a8bf020a3313113b56c56383c2178d916748a8d959678c9e. The OpenSSF Package Analysis project identified 'icaret' @ 0.0.1 (rubygems) as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0
CNNVD | added 2025/07/31 12:0 a.m. | 2 views

Jwt security vulnerability

jwt is an open source Ruby library for JSON Web Tokens. A security vulnerability exists in jwt version v5.4.3, which stems from weak encryption...

CVSS 7 | AI score 6.5 | EPSS 0.00079
Exploits: 0 | References: 3
Tenable Nessus | added 2025/07/31 12:0 a.m. | 3 views

Amazon Linux 2 : ruby (ALAS-2025-2931)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2931 advisory. Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTT...

CVSS 6.5 | AI score 7.1 | EPSS 0.00257
Exploits: 0 | References: 4
Snyk | added 2025/07/30 2:48 p.m. | 4 views

XML Entity Expansion

Overview: Affected versions of this package are vulnerable to XML Entity Expansion via the message_max_bytesize setting configured in the decode_raw_saml function. An attacker can cause resource exhaustion by submitting a specially crafted large SAML response that is validated for Base64 format before...

CVSS 8.7 | AI score 7.2 | EPSS 0.00581
Exploits: 0 | References: 2
NVD | added 2025/07/30 2:15 p.m. | 4 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | EPSS 0.00581
Exploits: 0 | References: 5
OSV | added 2025/07/30 2:15 p.m. | 2 views

DEBIAN-CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 5.3 | EPSS 0.00581
Exploits: 0 | References: 1
OSV | added 2025/07/30 2:15 p.m. | 0 views

UBUNTU-CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 7.2 | EPSS 0.00581
Exploits: 0 | References: 6
CVE | added 2025/07/30 2:5 p.m. | 70 views

CVE-2025-54572

CVE-2025-54572 is a DoS in the Ruby SAML library used for SAML client-side assertions. The initial description states affected versions are ≤1.18.0 with a fix in 1.18.1. A Debian LTS advisory confirms a patch and provides a Debian-specific fix version (1.11.0-1+deb11u3) and recommends upgrading t...

CVSS 6.9 | AI score 6.3 | EPSS 0.00581
Exploits: 0 | References: 5
OSV | added 2025/07/30 2:5 p.m. | 3 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 7.2 | EPSS 0.00581
Exploits: 0 | References: 7
Vulnrichment | added 2025/07/30 2:5 p.m. | 3 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 6.9 | EPSS 0.00581
Exploits: 0 | References: 4
Cvelist | added 2025/07/30 2:5 p.m. | 9 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | EPSS 0.00581
Exploits: 0 | References: 4
Debian CVE | added 2025/07/30 2:5 p.m. | 5 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 5.3 | EPSS 0.00581
Exploits: 0
Github Security Blog | added 2025/07/30 1:20 p.m. | 14 views

Ruby SAML DOS vulnerability with large SAML response

Summary: A denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details: ruby-saml...

CVSS 6.9 | AI score 6.6 | EPSS 0.00581
Exploits: 0 | References: 8 | Affected Software: 1