CVE-2026-41316 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails, ruby4.0-rails, ruby3.3-rails, ruby...

CVE-2026-41316 vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, logstash-fips, ruby3.4-rails, ruby4.0-rails, ruby3.2-rails, ruby...

GHSA-Q339-8RMV-2MHV vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, logstash-fips, ruby3.4-rails, ruby4.0-rails, ruby3.2-rails, ruby...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1 Vulnerability Details CVEID:CVE-2026-33306 DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...

CLSA-2026-1777444043 ruby: Fix of 2 CVEs

CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...

Exploit for CVE-2025-27407

CVE-2025-27407 GitLab Podman Lab Minimal local-only lab for p...

CVE-2026-41316

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the defmodule, defmethod, or defclass methods due to insufficient deserialization guards. An attacker can achieve arbitrary code execution by supplying crafted input to Marshal.load in a Ruby application...

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

UBUNTU-CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

EUVD-2026-25385

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

Linux Distros Unpatched Vulnerability : CVE-2026-41316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBr...

CLSA-2026-1776952176 ruby: Fix of 4 CVEs

CVE-2024-39908: fix ReDoS in REXML parser for repeated / character reference payloads - CVE-2024-41123: fix ReDoS in REXML source.match when no terminator string is specified - CVE-2024-41946: add XML entity expansion limit to REXML SAX and pull parsers - CVE-2024-43398: fix DoS via deep elements...

OPENSUSE-SU-2026:10609-1 libruby4_0-4_0-4.0.3-1.1 on GA media

These are all security issues fixed in the libruby40-40-4.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10604-1 ruby4.0-rubygem-rack-session-2.1.2-1.1 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-session-2.1.2-1.1 package on the GA media of openSUSE Tumbleweed...

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB implements an @init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERBdefmethod, ERBdefmodule, and ERBdefclass evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...