Lucene search

14145 matches found

OSV
added 2025/04/14 11:27 a.m., 19 views

BIT-RAILS-2024-47889 Action Mailer has possible ReDoS vulnerability in block_format

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to...

CVSS 8.7 | AI score 6.4 | EPSS 0.00317 | Exploits 0 | References 6

OSV
added 2025/04/14 11:26 a.m., 19 views

BIT-RAILS-2024-47888 Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node

Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. Carefully crafted text can cause the...

CVSS 8.7 | AI score 6.4 | EPSS 0.00476 | Exploits 0 | References 6

OSV
added 2025/04/14 11:26 a.m., 15 views

BIT-RAILS-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

CVSS 8.7 | AI score 6.7 | EPSS 0.00273 | Exploits 0 | References 6

OSV
added 2025/04/14 11:26 a.m., 20 views

BIT-RAILS-2024-41128 Action Dispatch has possible ReDoS vulnerability in query parameter filtering

Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...

CVSS 8.7 | AI score 6.5 | EPSS 0.00557 | Exploits 0 | References 8

Tenable Nessus
added 2025/04/14 12:00 a.m., 13 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-928)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-928 advisory. In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the hos...

CVSS 5.3 | AI score 6.8 | EPSS 0.00156 | Exploits 0 | References 4

Tenable Nessus
added 2025/04/14 12:00 a.m., 14 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-929)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-929 advisory. Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for...

CVSS 7.5 | AI score 7.2 | EPSS 0.00315 | Exploits 0 | References 8

Amazon
added 2025/04/14 12:00 a.m., 1 view

Medium: ruby3.2

Issue Overview: In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. CVE-2025-27221. Affected Packages: ruby3.2. Issue Correction: Run dnf update...

CVSS 5.3 | AI score 7.1 | EPSS 0.00156 | Exploits 0

Amazon
added 2025/04/14 12:00 a.m., 5 views

Medium: ruby3.2

Issue Overview: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the...

CVSS 7.5 | AI score 7 | EPSS 0.00315 | Exploits 0

BDU FSTEC
added 2025/04/14 12:00 a.m., 1 view

A vulnerability in the Rack module interface of the Ruby interpreter allows attackers to affect the integrity of protected information.

The vulnerability in the Rack module interface of the Ruby interpreter is related to incorrect handling of output data written to logs. Exploiting this vulnerability allows an attacker to affect the integrity of protected information...

CVSS 5.3 | AI score 6.7 | EPSS 0.00668 | Exploits 0 | References 16 | Affected Software 10

OpenVAS
added 2025/04/08 12:00 a.m., 12 views

Ubuntu: Security Advisory (USN-7418-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.6 | EPSS 0.08428 | Exploits 1 | References 2

Ubuntu
added 2025/04/07 1:55 p.m., 79 views

USN-7418-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04...

CVSS 7.5 | AI score 7.1 | EPSS 0.08428 | Exploits 1

BDU FSTEC
added 2025/04/07 12:00 a.m., 1 view

A vulnerability in the Ruby Sinatra web application development framework, related to errors in handling input data, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability in the Ruby Sinatra web application development framework is related to errors in processing input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information through the X-Forwarded-Host header...

CVSS 6.4 | AI score 6.2 | EPSS 0.00209 | Exploits 0 | References 10 | Affected Software 7

BDU FSTEC
added 2025/04/07 12:00 a.m., 2 views

A vulnerability in the Ruby interpreter, related to the use of covert timing channels for data transmission, allows an attacker to carry out the Marvin attack.

The vulnerability in the Ruby interpreter lies in the use of covert timing channels for data transmission. Exploiting this vulnerability allows a remote attacker to carry out the Marvin attack...

CVSS 7.4 | AI score 7.3 | EPSS 0.00593 | Exploits 0 | References 7 | Affected Software 10

Tenable Nessus
added 2025/04/07 12:00 a.m., 10 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby vulnerabilities (USN-7418-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7418-1 advisory. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribu...

CVSS 7.5 | AI score 7.1 | EPSS 0.08428 | Exploits 1 | References 9

OpenVAS
added 2025/04/07 12:00 a.m., 8 views

Debian: Security Advisory (DLA-4115-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.20843 | Exploits 3 | References 2

OSV
added 2025/04/05 12:00 a.m., 15 views

DLA-4115-1 ruby-saml - security update

Bulletin has no description...

CVSS 9.8 | AI score 6.5 | EPSS 0.20843 | Exploits 3

Debian
added 2025/04/04 11:21 p.m., 13 views

[SECURITY] [DLA 4115-1] ruby-saml security update

Debian LTS Advisory DLA-4115-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert, April 05, 2025, https://wiki.debian.org/LTS. Package: ruby-saml. Version: 1.11.0-1+deb11u2. CVE ID: CVE-2025-25291 CVE-2025-25292 CVE-2025-25293. Debian Bug: 1100441. Multiple...

CVSS 9.8 | AI score 7.5 | EPSS 0.20843 | Exploits 3

Tenable Nessus
added 2025/04/04 12:00 a.m., 9 views

Debian dla-4115 : ruby-saml - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4115 advisory. Debian LTS Advisory DLA-4115-1 [email protected]...

CVSS 9.8 | AI score 8.8 | EPSS 0.20843 | Exploits 3 | References 8

Redos
added 2025/04/03 12:00 a.m., 14 views

ROS-20250403-16

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...

CVSS 7.5 | AI score 7.1 | EPSS 0.00668 | Exploits 0

OpenVAS
added 2025/04/03 12:00 a.m., 7 views

Ubuntu: Security Advisory (USN-7409-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.20843 | Exploits 3 | References 2