ROS-20230929-01

Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...

[SECURITY] [DLA 3408-1] jruby security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3408-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...

SUSE CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

CVE-2022-23476

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...

ruby-arr-pm 操作系统命令注入漏洞

ruby-arr-fpm is an RPM read/write library written in Ruby by the individual developer Jordan Sissel. It is intended to provide a way for fpm to read and write RPMs. A security vulnerability exists in ruby-arr-pm version 0.0.11 and earlier. An attacker could use this vulnerability to execute shell...

Moderate: Red Hat Security Advisory: ruby:2.7 security, bug fix, and enhancement update

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ROS-20220516-06

A vulnerability in the high-level Ruby programming language is related to a type conversion bug in the some conversion methods, such as KernelFloat and Stringtof. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a vulnerable application,...

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: ruby:2.7 security, bug fix, and enhancement update

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Ruby Information Disclosure Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the software developer Gyohiro Matsumoto. A security vulnerability exists in Ruby. An attacker can exploit this vulnerability by hijacking a session through a timing attack on the session ID...

ALPINE-CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

Important: Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update

An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

UBUNTU-CVE-2017-17790

The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

Ruby security vulnerabilities

DoS, restrictions bypass...

Fedora Update for ruby FEDORA-2013-22423

Check for the Version of ruby OpenVAS Vulnerability Test Fedora Update for ruby FEDORA-2013-22423 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

Ruby Programming Language 1.7 File Upload

TITLE: Unauthenticated Remote File Upload via HTTP for ruby-Programming language 1.7 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/ruby-programming-language/id581732143?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "This is an io...

Moderate: Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...