Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.6 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-7840-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7840-1 advisory. It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of...

7.5CVSS6.8AI score0.02064EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/06/25 12:0 a.m.14 views

Photon OS 4.0: Rubygem PHSA-2025-4.0-0820

An update of the rubygem package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0820. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7AI score0.00393EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/06/20 4:45 p.m.8 views

K000151740: Ruby vulnerability CVE-2024-47220

Security Advisory Description An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the...

7.3AI score0.00393EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.4 views

TencentOS Server 4: pcs (TSSA-2024:0533)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0533 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.4CVSS6.7AI score0.00646EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/04/24 5:12 p.m.6 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 CVE-2025-27220: Fixed ReDoS in CGI::UtilescapeElement bsc1237806 Other fixes: - Improved fix for CVE-2024-47220 bsc1230930, bsc1235773 Patch Instructions: To install this...

8.3CVSS6.8AI score0.00784EPSS
Exploits0References14
OpenVAS
OpenVAS
added 2025/03/03 12:0 a.m.8 views

openSUSE Security Advisory (SUSE-SU-2025:0736-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.5AI score0.01429EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/02/12 4:40 p.m.17 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.11

Logging for Red Hat OpenShift - 5.9.11 Logging for Red Hat OpenShift - 5.9.11 logging-fluentd-container: HTTP request smuggling CVE-2024-47220 cluster-logging-operator-container: Info Leak via Uninitialized Stack Contents CVE-2024-12085...

7.5CVSS7.2AI score0.09353EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2025/01/14 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1014)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS7.7AI score0.01429EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/23 12:0 a.m.12 views

Amazon Linux 2 : ruby (ALAS-2024-2706)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2706 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a...

7AI score0.00393EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/11/11 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2024-0348)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score0.00393EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/08 12:0 a.m.14 views

SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2024:3939-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:3939-1 advisory. - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 Tenable has extracted the preceding description block directly from the SUSE...

6.9AI score0.00393EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2024/11/07 10:8 a.m.1 views

Security update for ruby2.1

This update for ruby2.1 fixes the following issues: CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...

8.3CVSS7.3AI score0.00393EPSS
Exploits0References4
OSV
OSV
added 2024/11/07 10:8 a.m.13 views

SUSE-SU-2024:3939-1 Security update for ruby2.1

This update for ruby2.1 fixes the following issues: - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930...

7.5AI score0.00393EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/31 12:0 a.m.11 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2024-743)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-743 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., GET /admin...

6.9AI score0.00393EPSS
Exploits0References4
Amazon
Amazon
added 2024/10/31 12:0 a.m.8 views

Important: ruby3.2

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7.2AI score0.00393EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/09/23 5:10 a.m.16 views

CVE-2024-47220

A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result,...

7.5CVSS6.5AI score0.00393EPSS
Exploits0References5
Wolfi
Wolfi
added 2024/09/22 1:15 a.m.18 views

CVE-2024-47220 vulnerabilities

Vulnerabilities for packages: ruby3.2-webrick, kube-fluentd-operator...

6.7AI score0.00393EPSS
Exploits0
NVD
NVD
added 2024/09/22 1:15 a.m.23 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

0.00393EPSS
Exploits0References4
Chainguard
Chainguard
added 2024/09/22 1:15 a.m.8 views

CVE-2024-47220 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.1-fluentd-kubernetes-daemonset, ruby3.2-webrick, kube-fluentd-operator, ruby3.4-fluentd-kubernetes-daemonset...

6.7AI score0.00393EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/09/22 12:0 a.m.13 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.5AI score0.00393EPSS
Exploits0
Rows per page
Query Builder