14143 matches found

Source: RedhatCVE | Added: 2025/05/22 4:05 p.m.

CVE-2020-16253

The PgHero gem through 2.6.0 for Ruby allows CSRF...

CVSS 8.1 | AI score 6.9 | EPSS 0.00101
Exploits: 0
Source: RedhatCVE | Added: 2025/05/22 3:49 p.m.

CVE-2020-16252

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...

CVSS 4.3 | AI score 6.9 | EPSS 0.00127
Exploits: 0
Source: RedhatCVE | Added: 2025/05/22 12:40 p.m.

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

CVSS 6.5 | AI score 6.8 | EPSS 0.0027
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 12:19 p.m.

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVSS 6.7 | AI score 6.9 | EPSS 0.0037
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 11:20 a.m.

CVE-2013-1898

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

CVSS 7.5 | AI score 8 | EPSS 0.00977
Exploits: 0 | References: 1
Source: RedhatCVE | Added: 2025/05/22 11:16 a.m.

CVE-2013-2513

The flashtool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file...

CVSS 9.8 | AI score 7.1 | EPSS 0.00614
Exploits: 0 | References: 1
Source: RedhatCVE | Added: 2025/05/22 11:15 a.m.

CVE-2013-2615

lib/entrycontroller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

CVSS 7.5 | AI score 7.9 | EPSS 0.01001
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 11:14 a.m.

CVE-2013-4203

The self.rungpg function in lib/rgpg/gpghelper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

CVSS 7.5 | AI score 8 | EPSS 0.01422
Exploits: 3 | References: 1
Source: RedhatCVE | Added: 2025/05/22 10:25 a.m.

CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

CVSS 10 | AI score 7.4 | EPSS 0.02842
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 9:56 a.m.

CVE-2011-5330

Distributed Ruby aka DRuby 1.8 mishandles the sending of syscalls...

CVSS 9.8 | AI score 7 | EPSS 0.00324
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 8:50 a.m.

CVE-2019-7615

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the...

CVSS 7.4 | AI score 6.7 | EPSS 0.00116
Exploits: 0 | References: 1
Source: RedhatCVE | Added: 2025/05/22 8:35 a.m.

CVE-2019-25061

The randompasswordgenerator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...

CVSS 7.5 | AI score 7 | EPSS 0.00338
Exploits: 1 | References: 1
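The CVE-2019-25061 entry above names the defect but not its shape. The following is an added example, not code from the RandomPasswordGenerator gem: a password routine built on Ruby's Random (the Mersenne Twister behind Kernel#rand) beside one built on SecureRandom. The generator's state is made explicit through a seed so the predictability is visible; the function names and the 16-character length are illustrative choices, not taken from the gem.

```ruby
require "securerandom"

# Alphanumeric charset used by both generators (constructed for this example).
CHARSET = [*"a".."z", *"A".."Z", *"0".."9"].freeze

# Weak pattern: Random / Kernel#rand is a Mersenne Twister, a deterministic
# function of its internal state. Anyone who knows (or recovers) that state
# gets the same character stream, so the "password" is reproducible.
def weak_password(length, rng)
  Array.new(length) { CHARSET[rng.rand(CHARSET.size)] }.join
end

# Attacker's view: given the seed (the state), the password is simply
# regenerated. This is the prediction the advisory warns about.
def predict_password(length, seed)
  weak_password(length, Random.new(seed))
end

# Hardened: SecureRandom draws from the OS CSPRNG. There is no seed to
# recover and earlier outputs reveal nothing about later ones.
def strong_password(length)
  Array.new(length) { CHARSET[SecureRandom.random_number(CHARSET.size)] }.join
end

# Sanity check a generated value: right length, only charset characters.
def well_formed?(password, length)
  password.length == length && password.each_char.all? { |c| CHARSET.include?(c) }
end

if __FILE__ == $PROGRAM_NAME
  victim = weak_password(16, Random.new(42))   # seed 42 stands in for a recovered state
  puts "victim:    #{victim}"
  puts "predicted: #{predict_password(16, 42)}"
  puts "secure:    #{strong_password(16)}"
end
```

The fix is not a longer password or a different charset; it is replacing the generator. Any routine that produces secrets from Kernel#rand, Random, or Array#sample/shuffle without an explicit SecureRandom source shares the flaw.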
Source: RedhatCVE | Added: 2025/05/22 8:04 a.m.

CVE-2019-13146

The fieldtest gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead...

CVSS 5.3 | AI score 7.4 | EPSS 0.00252
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 7:40 a.m.

CVE-2018-10199

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initialize_copy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.01443
Exploits: 0 | References: 1
Source: RedhatCVE | Added: 2025/05/22 6:34 a.m.

CVE-2016-11086

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...

CVSS 7.4 | AI score 6.5 | EPSS 0.00095
Exploits: 1 | References: 1
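Two entries above describe the same failure from different angles: oauth-ruby (CVE-2016-11086) stopped verifying server certificates when a CA bundle could not be found, and the Elastic APM Ruby agent (CVE-2019-7615) accepted a server certificate it had not properly checked against the configured CA. The following is an added example, not code from either project: a Net::HTTP client whose "fall back to VERIFY_NONE when the bundle is missing" branch mirrors the weak behaviour, beside a hardened constructor that treats a missing bundle as a configuration error. The host name, bundle path and function names are constructed for the example.

```ruby
require "net/http"
require "openssl"

# Weak pattern: when the CA bundle is absent, certificate verification is
# switched off instead of failing. Any certificate is then accepted, so a
# man-in-the-middle with a self-signed certificate reads and alters traffic.
def build_client_vulnerable(host, ca_bundle)
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  if File.file?(ca_bundle)
    http.ca_file = ca_bundle
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  else
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE   # silent downgrade
  end
  http
end

class MissingCaBundle < StandardError; end

# Hardened: a missing or unreadable bundle aborts client construction.
# verify_mode is always VERIFY_PEER; Net::HTTP checks the host name against
# the certificate as part of peer verification.
def build_client_hardened(host, ca_bundle)
  unless File.file?(ca_bundle) && File.readable?(ca_bundle)
    raise MissingCaBundle, "CA bundle not found or unreadable: #{ca_bundle}"
  end
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.ca_file = ca_bundle
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http
end

# Check to run over any Net::HTTP object before it connects. nil is Net::HTTP's
# default and resolves to VERIFY_PEER; anything else but VERIFY_PEER is a finding.
def verifies_peer?(http)
  http.use_ssl? && (http.verify_mode.nil? || http.verify_mode == OpenSSL::SSL::VERIFY_PEER)
end

if __FILE__ == $PROGRAM_NAME
  weak = build_client_vulnerable("apm.example.com", "/nonexistent/ca.pem")
  puts "vulnerable client verifies peer? #{verifies_peer?(weak)}"
  begin
    build_client_hardened("apm.example.com", "/nonexistent/ca.pem")
  rescue MissingCaBundle => e
    puts "hardened client refused to start: #{e.message}"
  end
end
```

The lesson generalizes past these two gems: any code path that ends in `verify_mode = VERIFY_NONE`, or that rescues an OpenSSL error and retries without verification, should fail closed instead. Grep for `VERIFY_NONE` in dependencies as well as first-party code.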
Source: RedhatCVE | Added: 2025/05/22 6:13 a.m.

CVE-2013-2512

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...

CVSS 10 | AI score 8.1 | EPSS 0.02838
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 6:09 a.m.

CVE-2013-1947

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb...

CVSS 9.3 | AI score 8.1 | EPSS 0.02041
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 6:07 a.m.

CVE-2014-10075

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...

CVSS 9.8 | AI score 7.7 | EPSS 0.11232
Exploits: 1 | References: 1
Source: RedhatCVE | Added: 2025/05/22 5:36 a.m.

CVE-2013-5647

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

CVSS 7.5 | AI score 8.3 | EPSS 0.02724
Exploits: 1 | References: 1
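Nine of the entries above share one root cause: Thumbshooter (CVE-2013-1898), flashtool (CVE-2013-2513), fastreader (CVE-2013-2615), rgpg (CVE-2013-4203), ftpd (CVE-2013-2512), kelredd-pruview (CVE-2013-1947), karo (CVE-2014-10075) and sounder (CVE-2013-5647) interpolate attacker-controlled text into a command string that Ruby hands to /bin/sh, and BibTeX-ruby (CVE-2019-10780) passes a caller-controlled string to Kernel.open, which treats a leading '|' as a command to spawn. The following is an added example, not code from any of those gems: it reproduces both shapes with a constructed file name and `echo` standing in for the real tool, beside the hardened forms. The function names, the hostile input and the allowlist pattern are mine.

```ruby
require "open3"
require "shellwords"

# Constructed hostile input: a "file name" carrying a shell command separator.
HOSTILE_FILENAME = "clip.wav; echo INJECTED"

# Vulnerable pattern (sounder, pruview, fastreader, ... shape): a single command
# string. Ruby sees shell metacharacters and runs it through /bin/sh -c, so the
# shell splits on ';' and executes 'echo INJECTED' as a second command.
def play_vulnerable(filename)
  out, _status = Open3.capture2("echo #{filename}")   # echo stands in for the real tool
  out
end

# Hardened: argv form. With separate arguments Ruby execs the program directly;
# the file name is one literal argument and metacharacters mean nothing.
def play_hardened(filename)
  out, _status = Open3.capture2("echo", filename)
  out
end

# When a shell is genuinely required (pipelines, redirections), escape every
# untrusted token so the shell reads it as one word.
def shell_safe_command(filename)
  "echo #{Shellwords.escape(filename)} | cat"
end

# Defense in depth: constrain the value before it goes anywhere near a process.
def safe_filename?(filename)
  filename.match?(/\A[\w.\-]+\z/)
end

# BibTeX-ruby shape: Kernel#open spawns a command when the string starts with
# '|' and returns its stdout, so a caller-controlled "path" becomes RCE.
def read_source_vulnerable(path)
  open(path, "r") { |io| io.read }
end

# Hardened: File.open only opens files. "|echo INJECTED" is a nonexistent file
# name and raises Errno::ENOENT instead of running anything.
def read_source_hardened(path)
  File.open(path, "r") { |io| io.read }
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{play_vulnerable(HOSTILE_FILENAME).inspect}"
  puts "hardened:   #{play_hardened(HOSTILE_FILENAME).inspect}"
  puts "allowlist accepts hostile name? #{safe_filename?(HOSTILE_FILENAME)}"
end
```

The argv form is the fix in nearly every case, including `system`, `IO.popen`, `Process.spawn` and backticks; Shellwords.escape is for the rare command that really needs a shell, and the allowlist is a second layer, not a replacement for either. For Kernel#open, the rule is simpler: never call it with a string you did not build yourself; use File.open for files and URI.open (or Net::HTTP) for URLs.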
Source: RedhatCVE | Added: 2025/05/22 5:31 a.m.

CVE-2013-0284

The New Relic Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data...

CVSS 5 | AI score 7.1 | EPSS 0.0025
Exploits: 0 | References: 1