107 matches found
Astra Linux - уязвимость в ruby2.5
In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service ReDoS vulnerability in the UtilescapeElement method...
Astra Linux - уязвимость в ruby2.5
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allow HTTP response splitting. This is relevant for applications that use untrusted user input, either to generate an HTTP response or to create a CGI::Cookie object...
MiracleLinux 7 : ruby-2.0.0.648-39.0.1.el7.AXS7 (AXSA:2024-8934:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8934:03 advisory. CVE-2021-41819: when parsing cookies, only decode the values CVEs: CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in...
EUVD-2025-5509
Malicious code in bioql PyPI...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1604)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1603)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1603)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1642)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1625)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1539)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method.CVE-2025-272...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1538)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method.CVE-2025-272...
Azure Linux 3.0 Security Update: ruby (CVE-2025-27219)
The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...
USN-7442-1: Ruby vulnerabilities
It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...
ROS-20250417-12
Vulnerability in cgi gem software tool due to insufficient input validation when processing unreliable input using regular expressions in CGI::UtilescapeElement. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in the cgi gem...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-929)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-929 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for...
Medium: ruby3.2
Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the...
USN-7418-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu 24.04...
CBL Mariner 2.0 Security Update: ruby (CVE-2025-27219)
The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
...
[SECURITY] [DLA 4082-1] ruby2.7 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4082-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès March 10, 2025 https://wiki.debian.org/LTS -...