38 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-16254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the...
BIT-RUBY-2020-5247 HTTP Response Splitting in Puma
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
RHEL 7 : rh-ruby25-ruby (RHSA-2021:2104)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2104 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 8 : ruby:2.6 (RHSA-2022:0582)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0582 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Rocky Linux 8 : ruby:2.5 (RLSA-2021:2587)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2587 advisory. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. CVE-2019-15845 -...
Mageia: Security Advisory (MGASA-2019-0408)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory. ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS:...
Moderate: Red Hat Security Advisory: ruby:2.5 security, bug fix, and enhancement update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2019-16254 affecting package ruby 2.6.3-3
CVE-2019-16254 affecting package ruby 2.6.3-3. An upgraded version of the package is available that resolves this issue...
Moderate: Red Hat Security Advisory: rh-ruby25-ruby security, bug fix, and enhancement update
An update for rh-ruby25-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
SUSE: Security Advisory (SUSE-SU-2020:0737-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated jruby packages fix security vulnerabilities
Response Splitting attack in the HTTP server of WEBrick CVE-2017-17742. Delete directory using symlink when decompressing tar CVE-2019-8320. Escape sequence injection vulnerability in verbose CVE-2019-8321. Escape sequence injection vulnerability in gem owner CVE-2019-8322. Escape sequence...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-2139)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2330-1 : jruby security update
Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742 CVE-2019-16254 HTTP Response Splitting attacks in the HTTP server of WEBrick. CVE-2019-16201 Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication...
Debian: Security Advisory (DLA-2330-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1529)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : ruby2.5 (openSUSE-2020-395)
This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)
This update for ruby2.5 toversion 2.5.7 fixes the following issues : ruby 2.5 was updated to version 2.5.7 CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. CVE-2019-16254: Fixed am...
Cross site scripting
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...