Lucene search
K

171 matches found

OSV
OSV
added 2026/04/29 6:53 a.m.5 views

CLSA-2026-1777444043 ruby: Fix of 2 CVEs

CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...

7.5CVSS7.2AI score0.05061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:22 p.m.3 views

CVE-2026-40069

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

7.5CVSS5.9AI score0.00266EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 5:22 p.m.7 views

CVE-2026-40069 bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/07 4:38 p.m.18 views

CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

7.5CVSS0.0036EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/07 4:38 p.m.4 views

CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

7.5CVSS5.2AI score0.0036EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.18 views

Addressable 安全漏洞

Addressable is a Ruby library developed by Bob Aman. Versions of Addressable from 2.3.0 to 2.9.0 contained a security vulnerability. This vulnerability stemmed from the URI template implementation; two types of regular expressions generated by the URI templates had catastrophic backtracking, whic...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/30 5:6 p.m.6 views

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-33635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2,...

4.3CVSS6AI score0.00244EPSS
Exploits1References3
RubySec
RubySec
added 2026/03/27 12:0 a.m.7 views

MCP Ruby SDK - Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...

8.2CVSS5.8AI score0.00465EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/26 9:17 p.m.4 views

DEBIAN-CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

4.3CVSS5.6AI score0.00244EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 9:17 p.m.4 views

UBUNTU-CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References5
CVE
CVE
added 2026/03/26 8:30 p.m.20 views

CVE-2026-33635

The CVE-2026-33635 entry concerns the iCalendar Ruby library. Affected versions are 2.0.0 up to, but not including, 2.12.2, where ICS serialization fails to sanitize URI property values in calendar data. Specifically, Icalendar::Values::Uri falls back to the raw input when URI.parse fails and the...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:30 p.m.2 views

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

iCalendar 注入漏洞

iCalendar is an open-source Ruby library for processing iCalendar format files. Versions 2.0.0 to 2.12.2 of iCalendar contain a vulnerability due to improper cleanup of URI attribute values during .ics serialization, which may lead to ICS injection attacks...

4.3CVSS5.8AI score0.00244EPSS
Exploits1References3
OSV
OSV
added 2026/03/11 12:24 a.m.3 views

GHSA-MHG6-2Q2V-9H2C sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/01/19 4:20 p.m.6 views

CLSA-2026-1768839607 ruby: Fix of 2 CVEs

CVE-2025-61594: fix incomplete fix for CVE-2025-27221 which allowed credential leaks to persist in URI+ - fully redact x-oauth-basic tokens from tests - update URI specs to reflect that modifying user or host clears credentials...

7.5CVSS6AI score0.0051EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 9:21 a.m.5 views

CLSA-2026-1768814484 ruby: Fix of CVE-2025-58767

CVE-2025-58767: fixed REXML to reject duplicate XML declarations and validate declaration attributes to protect from DoS...

5.3CVSS7.3AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2025/12/23 10:6 a.m.9 views

RHSA-2025:23927 Red Hat Security Advisory: ruby security update

Bulletin has no description...

8.1CVSS6.9AI score0.00707EPSS
Exploits0References23
OPENSUSE Linux
OPENSUSE Linux
added 2025/12/19 12:0 a.m.3 views

libruby3_4-3_4-3.4.8-1.1 on GA media (moderate)

libruby34-34-3.4.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:15828-1 Rating: moderate Cross-References: CVE-2025-58767 CVSS scores: CVE-2025-58767 SUSE : 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-58767 SUSE : 5.1...

5.1CVSS7.1AI score0.00231EPSS
Exploits0
NVD
NVD
added 2025/12/17 9:15 p.m.13 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS0.00185EPSS
Exploits0References3
Rows per page
Query Builder