RubySec
Added 2026/04/21 12:00 a.m.

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB implements an @_init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERB#def_method, ERB#def_module, and ERB#def_class evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...

CVSS 8.1 | AI score 6.2 | EPSS 0.00048
Exploits 0 | References 1 | Affected software 1
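
An added example, not code from the advisory or the erb gem, that reproduces the @_init check ERB#result applies and wraps def_method with the same check, since the advisory says def_method, def_module and def_class skip it. The helper names (erb_initialized?, define_template_method, demo, FRESH, REBUILT) are chosen here. REBUILT stands in for an object rebuilt by Marshal.load: it is allocated without running ERB#initialize, so @_init is absent, and its @src is a harmless literal rather than a payload.

```ruby
require "erb"

# Added example, not code from the advisory or the erb gem. Helper names are
# chosen here. REBUILT simulates a deserialized ERB: #initialize never ran,
# so @_init is missing, and @src is a harmless literal (no exploit payload).

# The same check ERB#result performs: #initialize stores the class's
# singleton class in @_init, which deserialization cannot reproduce.
def erb_initialized?(erb)
  erb.instance_variable_get(:@_init).equal?(ERB.singleton_class)
end

# Application-side wrapper: apply the guard before def_method sees the object,
# because the advisory says def_method/def_module/def_class do not apply it.
def define_template_method(mod, erb, name)
  unless erb_initialized?(erb)
    raise ArgumentError, "refusing to define a method from an uninitialized ERB"
  end
  erb.def_method(mod, name)
end

FRESH = ERB.new("hello <%= 1 + 1 %>")
REBUILT = ERB.allocate.tap { |e| e.instance_variable_set(:@src, "'from untrusted data'") }

def demo
  results = {
    fresh_guarded: erb_initialized?(FRESH),
    rebuilt_guarded: erb_initialized?(REBUILT)
  }

  results[:fresh_result] = FRESH.result # guard passes, template runs

  results[:rebuilt_result] = begin
    REBUILT.result                      # ERB's own guard rejects it
  rescue ArgumentError
    :rejected_by_erb_guard
  end

  mod = Module.new
  define_template_method(mod, FRESH, :render)
  results[:fresh_def_method] = Object.new.extend(mod).render

  results[:rebuilt_def_method] = begin
    define_template_method(Module.new, REBUILT, :render)
  rescue ArgumentError
    :rejected_by_wrapper
  end

  results
end
```

The wrapper refuses the object before def_method evaluates anything. It is a belt-and-braces measure: the attack model in the advisory starts with Marshal.load on attacker-controlled bytes, and not doing that is the primary fix.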
OSV
Added 2026/04/20 3:18 p.m.

USN-8190-1 ruby-rack-session vulnerability

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...

CVSS 9.8 | AI score 5.8 | EPSS 0.00064
Exploits 1 | References 2
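
An added example, constructed for this listing and not rack-session's code, showing the distinction the advisory turns on: a session cookie that fails authenticated decryption has to be discarded, not reinterpreted. It uses AES-256-GCM from Ruby's openssl stdlib. The cookie layout (iv.tag.ciphertext in base64), the AAD string, the per-process key and the fail-open fallback are assumptions chosen to illustrate the bug class; the page does not describe how Rack::Session itself handled the failure.

```ruby
require "openssl"
require "json"
require "securerandom"

# Added example, not rack-session's code. Cookie layout, AAD and key handling
# are chosen for this demonstration; KEY is generated per process.
KEY = SecureRandom.random_bytes(32)
AAD = "session-v1"

def b64(bytes)
  [bytes].pack("m0")
end

def unb64(text)
  text.unpack1("m0") # strict: raises ArgumentError on malformed base64
end

# Encrypts and authenticates a session hash: cookie = iv.tag.ciphertext.
def seal_session(session, key = KEY)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = AAD
  ciphertext = cipher.update(JSON.generate(session)) + cipher.final
  [iv, cipher.auth_tag, ciphertext].map { |part| b64(part) }.join(".")
end

# Authenticated decryption; raises on any malformed or tampered cookie.
# OpenSSL::Cipher::CipherError is the GCM tag-mismatch signal from #final.
def decrypt_cookie(cookie, key = KEY)
  parts = cookie.to_s.split(".")
  raise ArgumentError, "malformed cookie" unless parts.size == 3
  iv, tag, ciphertext = parts.map { |part| unb64(part) }
  raise ArgumentError, "bad tag length" unless tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = AAD
  JSON.parse(cipher.update(ciphertext) + cipher.final)
end

DECRYPT_FAILURES = [OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError].freeze

# Fail-open (the bug class): on failure the cookie is read as plain base64
# JSON. An attacker who cannot forge a tag just sends an unencrypted cookie
# and chooses the session contents.
def load_session_fail_open(cookie, key = KEY)
  decrypt_cookie(cookie, key)
rescue *DECRYPT_FAILURES
  begin
    JSON.parse(unb64(cookie))
  rescue *DECRYPT_FAILURES
    {}
  end
end

# Fail-closed (the fix): any failure discards the cookie and starts an empty
# session, so nothing the client sends can set a session key.
def load_session_fail_closed(cookie, key = KEY)
  decrypt_cookie(cookie, key)
rescue *DECRYPT_FAILURES
  {}
end

# Constructed inputs: a legitimate cookie, an attacker-forged plaintext
# cookie, and the legitimate cookie with one ciphertext bit flipped.
def demo
  legit = seal_session({ "user_id" => 7, "admin" => false })
  forged = b64(JSON.generate({ "user_id" => 1, "admin" => true }))
  iv, tag, ct = legit.split(".")
  raw = unb64(ct)
  raw.setbyte(0, raw.getbyte(0) ^ 0x01)
  tampered = [iv, tag, b64(raw)].join(".")
  {
    legit_closed: load_session_fail_closed(legit),
    forged_open: load_session_fail_open(forged),
    forged_closed: load_session_fail_closed(forged),
    tampered_open: load_session_fail_open(tampered),
    tampered_closed: load_session_fail_closed(tampered)
  }
end
```

The forged cookie is accepted by the fail-open loader with attacker-chosen user_id and admin values, and rejected by the fail-closed one; the bit-flipped cookie is rejected by both, which is the GCM tag doing its job. When auditing a session library, look for any branch reached after a decryption or MAC failure that still reads the cookie bytes.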
Tenable Nessus
Added 2026/04/20 12:00 a.m.

Debian dla-4407 : ruby-sidekiq - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the DLA-4407 advisory. Debian LTS Advisory DLA-4407-1 [email protected]...

CVSS 7.5 | AI score 5.9 | EPSS 0.139
Exploits 2 | References 6
RedHat Linux
Added 2026/04/17 11:15 p.m.

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby4.0: ruby4.0-4.0.0-33.3.hum1 (aarch64, x86_64); ruby4.0-bundled-gems-4.0.0-33.3.hum1 (aarch64, x86_64); ruby4.0-default-gems-4.0.0-33.3.hum1 (noarch); ruby4.0-devel-4.0.0-33.3.hum1 (aarch64, x86_64)...

CVSS 10 | AI score 5.8 | EPSS 0.7933
Exploits 38 | References 38
EUVD
Added 2026/04/16 8:40 p.m.

EUVD-2026-23278

Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption...

CVSS 6.3 | AI score 6.5 | EPSS 0.00017
Exploits 0 | References 5
NVD
Added 2026/04/16 6:16 p.m.

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 9.8 | EPSS 0.00017
Exploits 0 | References 2
UbuntuCve
Added 2026/04/16 6:16 p.m.

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 9.8 | AI score 7 | EPSS 0.00017
Exploits 0 | References 2
OSV
Added 2026/04/16 6:16 p.m.

UBUNTU-CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 9.8 | AI score 7.1 | EPSS 0.00017
Exploits 0 | References 3
CVE
Added 2026/04/16 5:27 p.m.

CVE-2026-27820

CVE-2026-27820 is a buffer overflow in the Ruby zlib interface’s Zlib::GzipReader caused by zstream_buffer_ungets not ensuring sufficient Ruby string capacity before memmove. Affected: zlib gem v3.2.0/3.2.1 and earlier (3.0.0 and below, 3.1.0/3.1.1, 3.2.0/3.2.1). Impact: memory corruption when bu...

CVSS 9.8 | AI score 6.8 | EPSS 0.00017
Exploits 0 | References 2 | Affected software 1
ATTACKERKB
Added 2026/04/16 5:27 p.m.

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 6.3 | AI score 6.1 | EPSS 0.00017
Exploits 0 | References 3 | Affected software 1
Cvelist
Added 2026/04/16 5:27 p.m.

CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 6.3 | EPSS 0.00017
Exploits 0 | References 2
Debian CVE
Added 2026/04/16 5:27 p.m.

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 9.8 | AI score 8.1 | EPSS 0.00017
Exploits 0
Vulnrichment
Added 2026/04/16 5:27 p.m.

CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 6.3 | AI score 6.8 | EPSS 0.00017
Exploits 0 | References 2
AlpineLinux
Added 2026/04/16 5:27 p.m.

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but...

CVSS 9.8 | AI score 6.8 | EPSS 0.00017
Exploits 0
OSSF Malicious Packages
Added 2026/04/16 10:28 a.m.

Malicious code in monolith-twirp-pullsd-users (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0
OSV
Added 2026/04/16 10:28 a.m.

MAL-2026-2815 Malicious code in monolith-twirp-pullsd-authorization (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0
OSSF Malicious Packages
Added 2026/04/16 10:28 a.m.

Malicious code in monolith-twirp-pullsd-authorization (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0
OSV
Added 2026/04/16 10:28 a.m.

MAL-2026-2814 Malicious code in gitlab-orchestrator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 5.8
Exploits 0
CBLMariner
Added 2026/04/16 2:25 a.m.

CVE-2026-35611 affecting package rubygem-addressable for versions less than 2.9.0-1

CVE-2026-35611 affecting package rubygem-addressable for versions less than 2.9.0-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.7 | EPSS 0.00027
Exploits 0
Tenable Nessus
Added 2026/04/16 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-27820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow...

CVSS 9.8 | AI score 7.2 | EPSS 0.00017
Exploits 0 | References 4
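
An added example, written for this listing and not taken from any of the advisories above, that turns two items on this page into a Gemfile.lock audit: the RubyGems package names flagged as malicious in the OSSF / OSV entries (gitlab-orchestrator, monolith-twirp-pullsd-authorization, monolith-twirp-pullsd-users) and the zlib gem versions the CVE-2026-27820 entries list as affected (3.0.0 and below, 3.1.0, 3.1.1, 3.2.0, 3.2.1). The lockfile text is constructed, and the helper names (parse_lockfile_specs, audit_lockfile, zlib_listed_affected?, installed_zlib_listed_affected?) are chosen here. No fixed zlib version is stated on this page, so the check reports versions outside the list as not listed rather than as safe.

```ruby
require "rubygems"
require "zlib"

# Added example, not code from the listed advisories. Gem names and version
# ranges are copied from the entries on this page; the lockfile is constructed.

# RubyGems packages flagged as malicious in the OSSF / OSV entries
# (MAL-2026-2814, MAL-2026-2815 and the matching OSSF records).
MALICIOUS_GEMS = %w[
  gitlab-orchestrator
  monolith-twirp-pullsd-authorization
  monolith-twirp-pullsd-users
].freeze

# CVE-2026-27820: zlib gem versions listed as affected. Anything outside
# this list is "not listed", which is not the same as fixed.
ZLIB_CEILING = Gem::Version.new("3.0.0")
ZLIB_EXACT_AFFECTED = %w[3.1.0 3.1.1 3.2.0 3.2.1].map { |v| Gem::Version.new(v) }.freeze

def zlib_listed_affected?(version_string)
  v = Gem::Version.new(version_string)
  v <= ZLIB_CEILING || ZLIB_EXACT_AFFECTED.include?(v)
end

# Parses the `specs:` block of a Gemfile.lock. Lines indented by exactly four
# spaces are resolved gems ("name (version)"); deeper lines are dependency
# constraints and are skipped. Returns {name => version}.
def parse_lockfile_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |raw_line|
    line = raw_line.chomp
    if line.strip == "specs:"
      in_specs = true
      next
    end
    in_specs = false if in_specs && !line.start_with?("    ")
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

def audit_lockfile(text)
  findings = []
  parse_lockfile_specs(text).each do |name, version|
    if MALICIOUS_GEMS.include?(name)
      findings << { gem: name, version: version, issue: "malicious package (OSSF/OSV MAL-2026 entries)" }
    end
    if name == "zlib" && zlib_listed_affected?(version)
      findings << { gem: name, version: version, issue: "CVE-2026-27820 listed affected version" }
    end
  end
  findings
end

# Runtime check for the interpreter running this script. Zlib::VERSION is the
# Ruby zlib extension (gem) version; Zlib::ZLIB_VERSION is the C library.
def installed_zlib_listed_affected?
  zlib_listed_affected?(Zlib::VERSION)
end

# Constructed lockfile for the demonstration (not a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      addressable (2.8.7)
        public_suffix (>= 2.0.2, < 7.0)
      monolith-twirp-pullsd-users (0.1.0)
      public_suffix (6.0.1)
      zlib (3.2.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    addressable
    monolith-twirp-pullsd-users
    zlib
LOCK
```

Run audit_lockfile(File.read("Gemfile.lock")) in CI to get the findings as an array of hashes; the malicious-name check is the one that matters most, since a lockfile that resolves one of those names means the package was installed, not merely requested.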