14140 matches found

Source: OSV
Added: 2025/07/30 1:20 p.m. (2 views)

GHSA-RRQH-93C8-J966 Ruby SAML DOS vulnerability with large SAML response

Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...

CVSS 6.9 | AI score 7.3 | EPSS 0.00581
Exploits 0 | References 8
Source: Tenable Nessus
Added: 2025/07/30 12:00 a.m. (3 views)

RockyLinux 9 : ruby:3.1 (RLSA-2025:4488)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4488 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...

CVSS 7.5 | AI score 7.1 | EPSS 0.08032
Exploits 0 | References 15
Source: Amazon
Added: 2025/07/30 12:00 a.m. (2 views)

Medium: ruby

Issue Overview: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...

CVSS 6.5 | AI score 7.1 | EPSS 0.00257
Exploits 0
Source: Positive Technologies
Added: 2025/07/30 12:00 a.m. (3 views)

PT-2025-31391

Name of the Vulnerable Software and Affected Versions: ruby-saml versions 1.18.0 and below Description: The Ruby SAML library, used for implementing the client side of a SAML authorization, contains a denial-of-service vulnerability. The message max bytesize setting, intended to prevent resource...

CVSS 6.9 | AI score 6.3 | EPSS 0.00581
Exploits 0 | References 21
Source: RubySec
Added: 2025/07/30 12:00 a.m. (7 views)

Ruby SAML DOS vulnerability with large SAML response

Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...

CVSS 6.9 | AI score 7.3 | EPSS 0.00581
Exploits 0 | References 1 | Affected Software 1
Source: CNNVD
Added: 2025/07/30 12:00 a.m. (2 views)

Ruby SAML security vulnerability

Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A security vulnerability exists in Ruby SAML version 1.18.0 and earlier, which stems from validating the Base64 format of a SAML response before checking the message size, and could lead to resource...

CVSS 6.9 | AI score 7.2 | EPSS 0.00581
Exploits 0 | References 5
Source: OSV
Added: 2025/07/29 1:40 p.m. (3 views)

RLSA-2025:4493 Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...

CVSS 6.5 | AI score 8.9 | EPSS 0.00315
Exploits 0 | References 4
Source: Rockylinux
Added: 2025/07/29 1:40 p.m. (1 view)

ruby:3.3 security update

An update is available for module.ruby, rubygem-pg, ruby, module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

CVSS 7.5 | AI score 6.5 | EPSS 0.00315
Exploits 0
Source: Rockylinux
Added: 2025/07/29 1:40 p.m. (5 views)

ruby:3.1 security update

An update is available for module.ruby, rubygem-pg, ruby, module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

CVSS 7.5 | AI score 6.6 | EPSS 0.08032
Exploits 0
Source: OSV
Added: 2025/07/29 1:40 p.m. (5 views)

RLSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

CVSS 5.9 | AI score 8.3 | EPSS 0.08032
Exploits 0 | References 8
Source: Rockylinux
Added: 2025/07/29 1:40 p.m. (4 views)

ruby security update

An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

CVSS 7.5 | AI score 6.9 | EPSS 0.00315
Exploits 0
Source: OSV
Added: 2025/07/29 1:40 p.m. (3 views)

RLSA-2025:4487 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: CGI: ReDoS in CGI::UtilescapeElement CVE-2025-27220 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 For more details...

CVSS 5.3 | AI score 8.3 | EPSS 0.00315
Exploits 0 | References 3
Source: Rockylinux
Added: 2025/07/29 1:38 p.m. (2 views)

ruby:3.1 security update

An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 7 | EPSS 0.08032
Exploits 0
Source: OSV
Added: 2025/07/29 1:38 p.m. (4 views)

RLSA-2025:4063 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

CVSS 5.9 | AI score 8.3 | EPSS 0.08032
Exploits 0 | References 8
Source: Rockylinux
Added: 2025/07/29 1:38 p.m. (5 views)

ruby:2.5 security update

An update is available for module.ruby, module.rubygem-abrt, rubygem-bundler, module.rubygem-pg, module.rubygem-bson, rubygem-pg, module.rubygem-mongo, module.rubygem-mysql2, rubygem-bson, module.rubygem-bundler, rubygem-mysql2, rubygem-abrt, ruby, rubygem-mongo. This update affects Rocky Linux 8...

CVSS 9.8 | AI score 8.3 | EPSS 0.14783
Exploits 4
Source: OSV
Added: 2025/07/29 1:38 p.m. (2 views)

RLSA-2025:10217 Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...

CVSS 6.5 | AI score 8.9 | EPSS 0.00315
Exploits 0 | References 4
Source: Rockylinux
Added: 2025/07/29 1:38 p.m. (3 views)

ruby:3.3 security update

An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 6.7 | EPSS 0.00315
Exploits 0
Source: OSV
Added: 2025/07/29 1:38 p.m. (5 views)

RLSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler:...

CVSS 7.5 | AI score 7.7 | EPSS 0.14783
Exploits 4 | References 3
Source: BDU FSTEC
Added: 2025/07/28 12:00 a.m. (1 view)

The vulnerability of the websocket-extensions module in the Ruby programming language allows a hacker to trigger a service failure.

The vulnerability of the websocket-extensions module in the Ruby programming language is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.2 | EPSS 0.02622
Exploits 1 | References 8 | Affected Software 5
Source: OSSF Malicious Packages
Added: 2025/07/27 11:10 a.m. (5 views)

Malicious code in message_gateway (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2781d258b292d5959839a52e0e940040defaae1ecbb1293c0d149dc5f6faf110 The OpenSSF Package Analysis project identified 'messagegateway' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The packag...

AI score 7.1
Exploits 0