Lucene search
K

732 matches found

OSV
OSV
added 2022/05/17 3:23 a.m.1 views

GHSA-HGG7-CGHQ-XHF4 Ruby vulnerable to denial of service

When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Jruby resolves this bug in version 1.7.3 as noted in...

5CVSS7.2AI score0.06671EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2022/02/21 9:4 a.m.2 views

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.63 views

Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2588 advisory. - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user...

8.1CVSS7.9AI score0.06811EPSS
Exploits2References21
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.41 views

Rocky Linux 8 : ruby:2.7 (RLSA-2021:2584)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2584 advisory. - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not...

7.5CVSS7.4AI score0.05061EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/01/06 12:0 a.m.255 views

EulerOS Virtualization 3.0.2.6 : ruby (EulerOS-SA-2021-2866)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip...

7.5CVSS7.5AI score0.05061EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/12/31 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2866)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.05061EPSS
Exploits1References2
Mageia
Mageia
added 2021/12/23 9:1 p.m.57 views

Updated ruby packages fix security vulnerability

Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...

9.8CVSS1.4AI score0.06307EPSS
Exploits6References9
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/13 2:44 p.m.70 views

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Summary There are multiple Ruby vulnerabilities that affect IBM Cloud Foundry Migration Runtime that could cause a denial of service, HTTP response splitting, a remote attacker to bypass security restrictions, a remote attacker to obtain sensitive information, a local attacker to gain unauthorize...

8.1CVSS9.9AI score0.0865EPSS
Exploits5Affected Software1
OpenVAS
OpenVAS
added 2021/08/09 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2281)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.05061EPSS
Exploits0References2
OSV
OSV
added 2021/07/10 11:3 a.m.8 views

OESA-2021-1259 ruby security update

Security Fixes: The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.CVE-2021-28965...

7.5CVSS7AI score0.05061EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/07 12:0 a.m.39 views

Oracle Linux 8 : ruby:2.7 (ELSA-2021-2584)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2584 advisory. ruby 2.7.3-136 - Upgrade to Ruby 2.7.3. Resolves: rhbz1951999 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/07/07 12:0 a.m.48 views

Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. ruby 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing...

8.1CVSS7AI score0.06811EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.51 views

EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2021-2069)

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP serv...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/07/02 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2069)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.05061EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.68 views

Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory. ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS:...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2021/07/01 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2012)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.05061EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/06/30 12:0 a.m.41 views

EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2021-2012)

According to the version of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML...

7.5CVSS7.1AI score0.05061EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/06/29 4:24 p.m.2 views

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/06/29 4:12 p.m.1 views

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/06/29 4:10 p.m.84 views

Moderate: Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References12
Rows per page
Query Builder