14147 matches found
Photon OS 4.0: Ruby PHSA-2024-4.0-0724
An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0724. The text itself is copyright (C) VMware, Inc. ...
Photon OS 5.0: Ruby PHSA-2024-5.0-0423
An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0423. The text itself is copyright (C) VMware, Inc. ...
OESA-2024-2581 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: CVE-2021-41817...
Amazon Linux 2 : ruby (ALAS-2024-2706)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2706 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a...
BIT-RAILS-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...
REXML denial of service vulnerability
...
RLSA-2024:10860 Important: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...
ruby:3.1 security update
An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is an...
RLSA-2024:10850 Important: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...
ruby:2.5 security update
An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...
ruby:3.1 security update
An update is available for ruby, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-pg, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RLSA-2024:10834 Important: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...
RockyLinux 9 : ruby:3.1 (RLSA-2024:10860)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10860 advisory. rexml: REXML ReDoS vulnerability (CVE-2024-49761). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
Important: ruby
Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...
RockyLinux 8 : ruby:2.5 (RLSA-2024:10850)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10850 advisory. rexml: REXML ReDoS vulnerability (CVE-2024-49761). Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
Internet Bug Bounty: [CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
A vulnerability was discovered in the content_security_policy helper in Action Pack of Ruby on Rails. Carefully crafted inputs were able to inject new directives into the Content-Security-Policy (CSP) header, potentially leading to a bypass of the CSP and its protection against cross-site scripting X...
CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1
CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1
CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1. A patched version of the package is available...
CVE-2024-39908 affecting package ruby for versions less than 3.3.5-1
CVE-2024-39908 affecting package ruby for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...