149 matches found

OSV
added 2025/01/27 7:20 a.m., 17 views

BIT-RUBY-MIN-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

CVSS 8.8, AI score 8.6, EPSS 0.01013
Exploits: 1, References: 9
OSV
added 2025/01/27 7:20 a.m., 8 views

BIT-RUBY-MIN-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5, AI score 8.1, EPSS 0.00765
Exploits: 1, References: 7
OSV
added 2025/01/27 7:20 a.m., 12 views

BIT-RUBY-MIN-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8, AI score 9.2, EPSS 0.00459
Exploits: 0, References: 6
Rockylinux
added 2024/12/19 4:19 a.m., 16 views

ruby:3.1 security update

An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...

CVSS 8.7, AI score 7.2, EPSS 0.01645
Exploits: 0
OSV
added 2024/12/19 4:18 a.m., 18 views

RLSA-2024:10850 Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.7, AI score 7.8, EPSS 0.01645
Exploits: 0, References: 2
Rockylinux
added 2024/12/19 4:18 a.m., 27 views

ruby:2.5 security update

An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...

CVSS 8.7, AI score 6.2, EPSS 0.01645
Exploits: 0
Rockylinux
added 2024/12/19 4:18 a.m., 12 views

ruby:3.1 security update

An update is available for ruby, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-pg, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.7, AI score 6.2, EPSS 0.01645
Exploits: 0
Amazon
added 2024/12/19 12:0 a.m., 11 views

Important: ruby

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

AI score 7.5, EPSS 0.00108
Exploits: 0
OSV
added 2024/12/13 10:2 a.m., 16 views

RHSA-2024:11029 Red Hat Security Advisory: ruby:2.5 security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.01645
Exploits: 0, References: 10
OSV
added 2024/12/13 10:2 a.m., 17 views

RHSA-2024:11028 Red Hat Security Advisory: ruby:2.5 security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.01645
Exploits: 0, References: 10
OSV
added 2024/12/13 10:2 a.m., 11 views

RHSA-2024:10984 Red Hat Security Advisory: ruby:3.1 security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.01645
Exploits: 0, References: 10
OSV
added 2024/12/13 10:2 a.m., 17 views

RHSA-2024:10982 Red Hat Security Advisory: ruby:3.1 security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.01645
Exploits: 0, References: 10
RedHat Linux
added 2024/12/12 11:2 p.m., 25 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

CVSS 8.7, AI score 6.9, EPSS 0.01645
Exploits: 0, References: 2
RedHat Linux
added 2024/12/12 10:59 p.m., 23 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this...

CVSS 8.7, AI score 6.9, EPSS 0.01645
Exploits: 0, References: 2
OSV
added 2024/12/12 10:2 a.m., 14 views

RHSA-2024:10964 Red Hat Security Advisory: ruby security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.01645
Exploits: 0, References: 10
RedHat Linux
added 2024/12/12 9:20 a.m., 10 views

Important: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.7, AI score 6.9, EPSS 0.01645
Exploits: 0, References: 2
RedHat Linux
added 2024/12/11 7:14 p.m., 13 views

Important: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.7, AI score 6.9, EPSS 0.01645
Exploits: 0, References: 2
RedHat Linux
added 2024/12/11 5:18 p.m., 17 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 8.7, AI score 6.9, EPSS 0.01645
Exploits: 0, References: 2
Oracle linux
added 2024/12/09 12:0 a.m., 16 views

ruby:2.5 security update

ruby 2.5.9-113.0.1 - Fix REXML ReDoS vulnerability CVE-2024-49761. rubygem-abrt 0.3.0-4 - Execute test suite unconditionally. - Upload correct sources. rubygem-bson rubygem-bundler rubygem-mongo 2.5.1-2 - Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz1710863 rubygem-mysql2...

CVSS 6.6, AI score 6.9, EPSS 0.01645
Exploits: 0
OSV
added 2024/12/07 10:2 a.m., 19 views

RHSA-2024:10858 Red Hat Security Advisory: ruby security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.01645
Exploits: 0, References: 10