14147 matches found
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
ALPINE-CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
CVE-2025-27220 vulnerabilities
Vulnerabilities for packages: elasticsearch, jruby, ruby, logstash...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
AZL-57938 CVE-2025-27220 affecting package ruby for versions less than 3.3.5-3
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
CVE-2025-27219 vulnerabilities
Vulnerabilities for packages: elasticsearch, jruby, ruby, logstash...
AZL-57923 CVE-2025-27219 affecting package ruby for versions less than 3.3.5-3
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
AZL-57893 CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
AZL-57828 CVE-2025-27219 affecting package ruby for versions less than 3.1.4-9
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
CVE-2025-27219 vulnerabilities
Vulnerabilities for packages: ruby, jruby, logstash...
CVE-2025-27220 vulnerabilities
Vulnerabilities for packages: ruby, jruby, logstash...
UBUNTU-CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
UBUNTU-CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
UBUNTU-CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
Ruby 安全漏洞
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby versions prior to 1.0.3, which stems from the disclosure of authentication credentials in URI handling methods...
Linux Distros Unpatched Vulnerability : CVE-2017-16516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...
Linux Distros Unpatched Vulnerability : CVE-2019-13224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly co...