12 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0584

Malware in sbrugna...

CVSS 6.1, AI score 6.5, EPSS 0.00758
Exploits: 1, References: 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7200

Malicious code in bioql PyPI...

CVSS 8.8, AI score 7.3, EPSS 0.00642
Exploits: 1, References: 17
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0768

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6, EPSS 0.01612
Exploits: 1, References: 9
Fedora
added 2024/12/10 1:19 a.m., 9 views

[SECURITY] Fedora 40 Update: rust-rbspy-0.24.0-3.fc40

Sampling CPU profiler for Ruby...

AI score 7.4
Exploits: 0
BDU FSTEC
added 2024/01/17 12:0 a.m., 5 views

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma, related to deficiencies in HTTP request processing, allows attackers to induce service failures.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to induce service failures through specially crafted HTTP requests (HTTP Request Smuggling attacks)...

CVSS 7.8, AI score 6.4, EPSS 0.00958
Exploits: 0, References: 5, Affected Software: 3
Fedora
added 2022/09/12 5:53 p.m., 31 views

[SECURITY] Fedora 37 Update: rubygem-puma-5.6.5-1.fc37

Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly parallel Ruby implementations such as Rubinius and JRuby as well as providing process worker support...

CVSS 9.1, AI score 0.3, EPSS 0.0214
Exploits: 0
Fedora
added 2022/09/07 9:56 a.m., 36 views

[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker...

CVSS 9.1, AI score 7.6, EPSS 0.0214
Exploits: 0
UbuntuCve
added 2022/03/25 12:0 a.m., 29 views

CVE-2022-0759

A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...

CVSS 8.1, AI score 7, EPSS 0.00905
Exploits: 0, References: 6
BDU FSTEC
added 2021/03/21 12:0 a.m., 1 views

The vulnerability of the Gem Name Handler component in the Bundler dependency management tool for Ruby applications relates to a lack of mechanisms for managing code generation. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Gem Name Handler component in the Bundler dependency management tool for Ruby applications relates to improper handling of gems with identical names. Exploiting this vulnerability can allow an attacker to gain access to sensitive data, compromise its integrity, and cause...

CVSS 9.8, AI score 7.7, EPSS 0.0841
Exploits: 1, References: 9, Affected Software: 2
UbuntuCve
added 2021/02/08 8:15 p.m., 18 views

CVE-2021-21305

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "manipulate!" method inappropriately evals the content of mutation option:read/:write...

CVSS 8.8, AI score 7.4, EPSS 0.12678
Exploits: 1, References: 7
Cvelist
added 2021/02/08 7:20 p.m., 19 views

CVE-2021-21305 Code Injection vulnerability in CarrierWave

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "manipulate!" method inappropriately evals the content of mutation option:read/:write...

CVSS 7.4, AI score 9.1, EPSS 0.12678
Exploits: 1, References: 5
CNVD
added 2018/03/09 12:0 a.m., 2 views

Sinatra rack-protection cross-site request forgery vulnerability

Sinatra rack-protection is a component used in Sinatra to defend against web tools. A security vulnerability exists in the detection of cross-site request forgery tokens in Sinatra rack-protection 1.5.4 and 2.0.0.rc3 and earlier versions. An attacker can exploit this vulnerability to obtain a...

CVSS 5.9, AI score 6.8, EPSS 0.02489
Exploits: 0, References: 1