GHSA-47M2-26RW-J2JW vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, ruby3.4-rails, logstash, ruby3.2-rails...

GHSA-47M2-26RW-J2JW vulnerabilities

Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.2-rails, ruby3.3-rails...

CVE-2025-49007 vulnerabilities

Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.2-rails, ruby3.3-rails...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via Ruby)

Execute an OS command from PHP. Connect back and create a command shell via Ruby, uses SSL Module Options msf use payload/php/unix/cmd/reverserubyssl msf payloadreverserubyssl show actions ...actions... msf payloadreverserubyssl set ACTION msf payloadreverserubyssl show options ...show and set...

OS Command Exec, Unix Command Shell, Bind TCP (via Ruby)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via Ruby Module Options msf use payload/php/unix/cmd/bindruby msf payloadbindruby show actions ...actions... msf payloadbindruby set ACTION msf payloadbindruby show options ...show and set options... msf...

K000151742: REXML vulnerability CVE-2024-43398

Security Advisory Description REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be...

Ruby RACK 3.1.x < 3.1.16 DoS

The version of the RACK Ruby library installed on the remote host is 3.1.x prior to 3.1.16 . It is, therefore, affected by a DoS vulnerability where an attacker can create a crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting...

RHEL 10 : ruby (RHSA-2025:8131)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8131 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

The vulnerability of the JSON extension of the Ruby programming language interpreter allows a hacker to trigger a service failure.

The vulnerability of the JSON extension of the Ruby programming language interpreter involves reading data beyond the allowable range of memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending specially crafted data...

CVE-2025-49007

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...

CVE-2025-49007

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...

RHSA-2025:8131 Red Hat Security Advisory: ruby security update

Bulletin has no description...

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion

A flaw was found in Ruby's net-imap library. In certain versions, there is a possibility for denial of service by memory exhaustion in the net-imap response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data, which is automatically read b...

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

Fedora: Security Advisory (FEDORA-2024-cfcd6258fa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALSA-2025:8131 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...

Fedora: Security Advisory (FEDORA-2024-8a931e76d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-28862

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...