3338 matches found
Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch
A ReDoS vulnerability was discovered in the Accept header parsing in Action Dispatch. The vulnerability was assigned the CVE identifier CVE-2024-26142. Affected versions were 7.1.0 to 7.1.3, while versions prior to 7.1.0 and 7.1.3.1 and later were not affected. The vulnerability was reported and ...
AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...
Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory. ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI...
rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...
ruby: ReDoS vulnerability in URI
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...
Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...
ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression backtracking in the ng-srcset directive. This potentially leads to Regular Expression Denial of Service ReDoS...
ruby:3.1 security, bug fix, and enhancement update
An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RLSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. Rocky Linux-28565 Security Fixes: ruby/cgi-gem: HTTP response...
Fedora 38 : python-pygments (2024-8eaf80107a)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8eaf80107a advisory. Security fix for CVE-2022-40896 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Debian dla-3768 : python-pil - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3768 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3768-1 [email protected]...
Regular Expression Denial Of Service (ReDoS)
django-wiki is vulnerable to Regular Expression Denial Of Service ReDoS. This vulnerability is due to improper input validation, allowing maliciously crafted article content to cause severe CPU usage through a regular expression loop, which results in a Denial of Service DoS condition...
Oracle Linux 8 : ruby:3.1 (ELSA-2024-1431)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1431 advisory. ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in UR...
AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1431 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...
ruby:3.1 security, bug fix, and enhancement update
ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in URI. Resolves: RHEL-28567 Resolves: RHEL-28576 - Fix ReDos vulnerability in Time. Resolves: RHEL-28566 - Make RDoc soft dependency in IRB. Resolves:...
ruby: ReDoS vulnerability in Time
A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...
rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...