Rails: Active Support: Denial of Service via large scientific notation strings
A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016521)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016521 advisory. An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data...
GHSA-VCGP-9326-PQCP vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails, ruby4.0-rails, logstash, kube-logging-operator, ruby3.2-net-imap, ruby3.3-net-imap, kube-fluentd-operator, ruby3.3-rails, ruby4.0-net-imap, ruby3.4-net-imap...
GHSA-HM49-WCQC-G2XG vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails, ruby4.0-rails, logstash, ruby3.3-net-imap, kube-logging-operator, ruby3.2-net-imap, ruby3.3-rails, ruby4.0-net-imap, ruby3.4-net-imap...
GHSA-75XQ-5H9V-W6PX vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails, ruby4.0-rails, logstash, ruby3.3-net-imap, kube-logging-operator, ruby3.2-net-imap, ruby3.3-rails, ruby4.0-net-imap, ruby3.4-net-imap...
CVE-2026-42257 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails, ruby4.0-rails, logstash, ruby3.3-net-imap, kube-logging-operator, ruby3.2-net-imap, ruby3.3-rails, ruby4.0-net-imap, ruby3.4-net-imap...
GHSA-Q2MW-FVJ9-VVCW vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
CVE-2026-42258 vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
GHSA-75XQ-5H9V-W6PX vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
CVE-2026-42256 vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
CVE-2026-42257 vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
CVE-2026-42246 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, kube-logging-operator, logstash-fips, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
CVE-2026-42245 vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
GHSA-VCGP-9326-PQCP vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, kube-logging-operator, logstash-fips, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
GHSA-HM49-WCQC-G2XG vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-net-imap, gitlab-rails-ce-fips, logstash-fips, kube-logging-operator, ruby3.4-rails, ruby3.2-net-imap, logstash, ruby4.0-rails, gitlab-rails-ce, ruby3.3-net-imap, ruby3.2-rails...
GHSA-3H96-34P3-XM76 GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens
GraphQL-Ruby's max_query_string_tokens configuration didn't count comment tokens against the limit, allowing strings to be processed even after the configured maximum had actually been reached. In patched versions, the Ruby lexer does count these tokens. GraphQL-CParser is not affected by this...
Allocation of Resources Without Limits or Throttling
Overview: graphql is a plain-Ruby implementation of GraphQL. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper counting of comment tokens in the max_query_string_tokens configuration. An attacker can cause excessive resource...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary: Multiple vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.2. Vulnerability Details: CVE ID: CVE-2026-40895. Description: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP reque...
GHSA-87PF-FPWV-P7M7 net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
Summary: When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details: A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...