SUSE CVE-2025-6442

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

PT-2025-26617 · Ruby +1 · Ruby Webrick +1

Name of the Vulnerable Software and Affected Versions: Ruby WEBrick affected versions not specified Description: The issue concerns an HTTP Request Smuggling Vulnerability in Ruby WEBrick's read header function. No information is provided about the estimated number of potentially affected devices...

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability

This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the readheaders method. The issue...

The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.

The vulnerability of the Ruby interpreter’s Rack module interface is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.

The vulnerability of the Ruby interpreter’s Rack module interface is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.

The vulnerability of the Ruby interpreter’s Rack module interface is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Nokogiri 安全漏洞

Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in Nokogiri 1.18.7 and earlier versions, which stems from a heap buffer overflow in the function hashmapgetwithhash in the file gumbo-parser/src/hashmap.c. The vulnerability is caused by ...

K000151740: Ruby vulnerability CVE-2024-47220

Security Advisory Description An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to multiple Vulnerabilities due to Ruby package

Summary Potential vulnerabilities in Ruby package has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2020-10663 DESCRIPTION: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through...

ROS-20250619-01

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...

ROS-20250619-02

A vulnerability in the Net::IMAP module of the Ruby programming language is related to uncontrolled memory allocation. memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to gain unauthorized access and modify protected information.

The vulnerability of the Ruby interpreter’s Rack module interface is related to the failure to handle CRLF sequences properly. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access and modify protected information...

Malicious code in jdbc-zzz (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Astra Linux - уязвимость в ruby3.1

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

TencentOS Server 3: ruby:3.1 (TSSA-2024:1113)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1113 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: ruby:2.5 (TSSA-2024:1115)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1115 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: ruby:3.1 (TSSA-2024:0235)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0235 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

ROS-20250616-03

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to insufficient insufficient validation of data provided by an attacker in Rack::CommonLogger. Exploitation of the vulnerability could Allow an attacker acting remotely to manipulate data log entr...

TencentOS Server 3: pcs (TSSA-2023:0189)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0189 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: ruby (TSSA-2024:0632)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0632 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...