CVE-2025-27220 affecting package ruby for versions less than 3.1.4-9

CVE-2025-27220 affecting package ruby for versions less than 3.1.4-9. A patched version of the package is available...

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

...

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

...

In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

...

Authentication Bypass

ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent XML parsing due to differences between ReXML and Nokogiri, allowing attackers to execute a Signature Wrapping attack that can bypass authentication...

RockyLinux 9 : ruby (RLSA-2024:10858)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10858 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...

Authentication Bypass

ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to a parser differential between ReXML and Nokogiri, allowing an attacker to execute a Signature Wrapping attack and potentially gain unauthorized access...

ruby security update

An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

RLSA-2024:10858 Important: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

Remote Denial Of Service (DoS)

ruby-saml is vulnerable to remote Denial of Service DoS. The vulnerability is due to the message size check being performed before decompression, allowing attackers to bypass it using compressed SAML responses...

The vulnerability in the implementation of the SAML SSO protocol for the Ruby SAML library and the git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.

The vulnerability of the SAML SSO protocol implementation for the Ruby SAML library and the git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass...

The vulnerability in the GraphQL library for Ruby and the git-based software platform for collaborative code development on GitLab CE/EE arises from improper code generation management. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of the GraphQL library for Ruby and the git-based software platform used for collaborative code development on GitLab CE/EE is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.

The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass authentication processes...

CVE-2025-25293

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updatedajax method of the...

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...

CVE-2025-27788

A flaw was found in the JSON gem for Ruby. This vulnerability causes an out-of-bounds read via a specially crafted document, possibly resulting in a crash. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

GHSA-9M3Q-RHMV-5Q44 vulnerabilities

Vulnerabilities for packages: ruby3.4-json, ruby3.2-json, ruby3.3-json...

CamaleonCMS 安全漏洞

CamaleonCMS is an advanced dynamic content management system CMS based on RubyonRails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS that stems from a mass assignment that could lead to elevation of privilege...

SUSE CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...