183 matches found
EUVD-2010-3119
Malware in sbrugna...
URI Credential Leakage Bypass
A vulnerability in the URI library bundled with Ruby allows sensitive user credentials such as usernames or passwords in a URI to be unintentionally leaked when combining URIs using the + operator. This issue bypasses the previous fix for CVE-2025-27221. The issue affects Ruby's built-in URI...
rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2021-32740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2019-18978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the rack-cors aka Rack CORS Middleware gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources becau...
CVE-2025-45765
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...
ruby:3.3 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Ruby 安全漏洞
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby, which stems from insufficient checking of the length of decompressed domain names in DNS packets, which could lead to a...
Webrick 环境问题漏洞
Webrick is an HTTP server toolkit open-sourced by The Ruby Programming Language. Webrick suffers from an environment issue vulnerability that stems from inconsistent parsing of HTTP header terminators by the readheaders method, which could lead to an HTTP request entrapment attack...
CGI: Denial of Service in CGI::Cookie.parse
A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...
CLSA-2025-1745053071 ruby: Fix of CVE-2024-49761
CVE-2024-49761: parse XML with many digits in hex numeric character reference &x... to fix ReDoS vulnerability in REXML...
AZL-57923 CVE-2025-27219 affecting package ruby for versions less than 3.3.5-3
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
OESA-2025-1196 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starti...
RLSA-2024:10860 Important: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...
Important: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
Important: Red Hat Security Advisory: ruby:3.1 security update
An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: ruby:2.5 security update
An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2024:10850 Important: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...