78 matches found
CVE-2020-10663
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...
PT-2020-2439
Name of the Vulnerable Software and Affected Versions Ruby versions 2.5.x through 2.5.7 Ruby versions 2.6.x through 2.6.5 Ruby version 2.7.0 Description An issue in Ruby may expose possibly sensitive data from the interpreter. This occurs when the BasicSocketread nonblock method is called with th...
OPENSUSE-SU-2020:0395-1 Recommended update for ruby2.5
This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...
DSA-4586-1 ruby2.5 - security update
Bulletin has no description...
ruby:2.5 bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
RHEL 8 : ruby:2.5 (RHSA-2019:1972)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1972 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...
Oracle Linux 8 : ruby:2.5 (ELSA-2019-1972)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1972 advisory. - Prohibit arbitrary code execution when installing a malicious gem. Resolves: CVE-2019-8324 rubygem-mongo Tenable has extracted the preceding description block...
Deserialization of untrusted data
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code...
Input validation
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...
Input validation
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...
Design/Logic Flaw
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000076
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000075
CVE-2018-1000075 affects RubyGems: a negative-size condition in the ruby gem package tar header can cause an infinite loop. Affected ranges include RubyGems in the 2.2, 2.3, 2.4, and 2.5 series (e.g., 2.2.9 and earlier; 2.3.6 and earlier; 2.4.3 and earlier; 2.5.0 and earlier) up to trunk revision...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000079
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
PT-2019-4673 · Puma +9 · Puma +10
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.4.8 Ruby versions 2.5.x through 2.5.6 Ruby versions 2.6.x through 2.6.4 Puma versions prior to 3.12.3 Puma versions prior to 4.3.2 Description: The issue is related to incorrect handling of special elements in the...