14143 matches found

RedHat Linux
added 2025/05/14 2:14 p.m. | 7 views

rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...

CVSS 7.5 | AI score 6.7 | EPSS 0.00808
Exploits: 0 | References: 8

OSV
added 2025/05/14 10:6 a.m. | 4 views

RHSA-2025:7539 Red Hat Security Advisory: ruby:2.5 security update

Bulletin has no description...

CVSS 7.5 | AI score 8.5 | EPSS 0.14783
Exploits: 4 | References: 11

RedHat Linux
added 2025/05/14 2:21 a.m. | 5 views

Moderate: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 7.1 | EPSS 0.14783
Exploits: 4 | References: 3

OSV
added 2025/05/14 12:0 a.m. | 4 views

ALSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012); rubygem-bundler:...

CVSS 9.8 | AI score 8.3 | EPSS 0.14783
Exploits: 4 | References: 6

Tenable Nessus
added 2025/05/14 12:0 a.m. | 10 views

Alibaba Cloud Linux 3 : 0054: ruby:2.7 (ALINUX3-SA-2021:0054)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0054 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-36327: Bundler 1.16.0 through 2.2...

CVSS 9.3 | AI score 7.6 | EPSS 0.25071
Exploits: 3 | References: 5

Tenable Nessus
added 2025/05/14 12:0 a.m. | 7 views

RHEL 8 : ruby:2.5 (RHSA-2025:7539)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7539 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 | AI score 7.8 | EPSS 0.14783
Exploits: 4 | References: 7

Tenable Nessus
added 2025/05/14 12:0 a.m. | 11 views

Alibaba Cloud Linux 3 : 0044: ruby:2.7 (ALINUX3-SA-2021:0044)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25613: An issue was discovered in...

CVSS 7.5 | AI score 7.4 | EPSS 0.00576
Exploits: 0 | References: 3

OpenVAS
added 2025/05/13 12:0 a.m. | 7 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1539)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.5 | EPSS 0.00315
Exploits: 0 | References: 2

OpenVAS
added 2025/05/13 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1538)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.5 | EPSS 0.00315
Exploits: 0 | References: 2

Debian
added 2025/05/12 9:14 p.m. | 9 views

[SECURITY] [DLA 4163-1] rubygems security update

Debian LTS Advisory DLA-4163-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 12, 2025 https://wiki.debian.org/LTS ...

CVSS 9.3 | AI score 8.8 | EPSS 0.01553
Exploits: 1

Chainguard
added 2025/05/12 7:17 p.m. | 31 views

CVE-2025-46336 vulnerabilities

Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.2-rails, ruby3.3-rails...

CVSS 4.2 | AI score 5.4 | EPSS 0.00115
Exploits: 0

Chainguard
added 2025/05/12 7:17 p.m. | 22 views

GHSA-9J94-67JR-4CQJ vulnerabilities

Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.2-rails, ruby3.3-rails...

AI score 5.4
Exploits: 0

Chainguard
added 2025/05/12 7:17 p.m. | 15 views

GHSA-GJH7-P2FX-99VX vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.2-rack, logstash, ruby3.3-rack, ruby3.4-rack, ruby4.0-rack, ruby3.4-rails...

AI score 5.4
Exploits: 0

Chainguard
added 2025/05/12 7:16 p.m. | 32 views

CVE-2025-46727 vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.2-rack, logstash, ruby3.3-rack, ruby3.4-rack, ruby4.0-rack, ruby3.4-rails...

CVSS 7.5 | AI score 6.8 | EPSS 0.00808
Exploits: 0

Tenable Nessus
added 2025/05/12 12:0 a.m. | 7 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1539)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. CVE-2025-272...

CVSS 7.5 | AI score 7 | EPSS 0.00315
Exploits: 0 | References: 4

Tenable Nessus
added 2025/05/12 12:0 a.m. | 5 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1538)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. CVE-2025-272...

CVSS 7.5 | AI score 7 | EPSS 0.00315
Exploits: 0 | References: 4

OPENSUSE Linux
added 2025/05/09 12:0 a.m. | 5 views

ruby3.4-rubygem-rack-2.2-2.2.14-1.1 on GA media (moderate)

ruby3.4-rubygem-rack-2.2-2.2.14-1.1 on GA media Announcement ID: openSUSE-SU-2025:15067-1 Rating: moderate Cross-References: CVE-2025-46727 CVSS scores: CVE-2025-46727 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-46727 SUSE : 8.7...

CVSS 8.7 | AI score 7.3 | EPSS 0.00808
Exploits: 0

Tenable Nessus
added 2025/05/08 12:0 a.m. | 9 views

Oracle Linux 9 : ruby (ELSA-2025-4487)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4487 advisory. - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-86104 - Fix ReDoS in CGI::Util#escapeElement. CVE-2025-27220 Resolves:...

CVSS 7.5 | AI score 7.3 | EPSS 0.00315
Exploits: 0 | References: 3

Rockylinux
added 2025/05/07 7:11 p.m. | 3 views

ruby:3.0 security update

An update is available for module.rubygem-pg, rubygem-abrt, rubygem-pg, module.ruby, module.rubygem-abrt, ruby, rubygem-mysql2, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8 | AI score 7 | EPSS 0.0883
Exploits: 1

OpenVAS
added 2025/05/07 12:0 a.m. | 9 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1440)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.4 | AI score 8.1 | EPSS 0.00593
Exploits: 0 | References: 2