GHSA-XH69-987W-HRP8 vulnerabilities
Vulnerabilities for packages: truffleruby, jruby, ruby...
CVE-2025-24294 vulnerabilities
Vulnerabilities for packages: truffleruby, jruby, ruby...
CVE-2025-6442 affecting package ruby for versions less than 3.1.7-2
CVE-2025-6442 affecting package ruby for versions less than 3.1.7-2. A patched version of the package is available...
CVE-2025-49828
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...
Directory Traversal
Overview: measured is a package containing wrapper objects which encapsulate measurements and their associated units in Ruby. Affected versions of this package are vulnerable to Directory Traversal when initializing the Measured::Cache::Json class. An attacker can access arbitrary files by supplyi...
GHSA-XH69-987W-HRP8 resolv vulnerable to DoS via insufficient DNS domain name length validation
A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details: The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed doma...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
Improper Validation of Specified Quantity in Input
Overview: resolv is a Thread-aware DNS resolver library in Ruby. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the getlabels function in the resolv.rb file. An attacker can cause excessive CPU resource consumption and make the applicatio...
AZL-65241 CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
CVE-2025-24294
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
Ruby security vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby, which stems from insufficient checking of the length of decompressed domain names in DNS packets, which could lead to a...
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
...
Azure Linux 3.0 Security Update: ruby (CVE-2024-43398)
The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML tha...
Azure Linux 3.0 Security Update: ruby / rubygem-webrick (CVE-2025-6442)
The version of ruby / rubygem-webrick installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6442 advisory. - Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remot...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-43398)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it...
CBL Mariner 2.0 Security Update: ruby / rubygem-webrick (CVE-2025-6442)
The version of ruby / rubygem-webrick installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6442 advisory. - Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remot...
CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4
CVE-2025-6442 affecting package ruby for versions less than 3.3.5-4. A patched version of the package is available...
CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1
CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1
CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1. An upgraded version of the package is available that resolves this issue...