11 matches found

Tenable Nessus
added 2022/10/11 12:00 a.m. | 31 views

RHEL 7 : rh-ruby27-ruby (RHSA-2022:6856)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6856 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 | AI score 7.6 | EPSS 0.00765
Exploits 3 | References 12
OSV
added 2022/02/06 9:15 p.m. | 19 views

CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

CVSS 9.8 | AI score 7.7 | EPSS 0.00483
Exploits 1 | References 7
CVE
added 2022/02/06 12:00 a.m. | 239 views

CVE-2021-41816

CVE-2021-41816 affects CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3, with an integer overflow leading to a buffer overflow on platforms where size_t and long differ (Windows). The vulnerability also affects the CGI gem up to 0.3.1. Connected advisories confirm affected Ruby 2.7 and 3...

CVSS 9.8 | AI score 9.4 | EPSS 0.00483
Exploits 1 | References 7 | Affected Software 1
Tenable Nessus
added 2022/02/04 12:00 a.m. | 34 views

Debian DSA-5067-1 : ruby2.7 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5067 advisory. Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or...

CVSS 9.8 | AI score 7.3 | EPSS 0.00765
Exploits 3 | References 9
Tenable Nessus
added 2022/01/18 12:00 a.m. | 40 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5235-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5235-1 advisory. It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash...

CVSS 9.8 | AI score 7.3 | EPSS 0.00765
Exploits 3 | References 4
Mageia
added 2021/12/23 9:01 p.m. | 54 views

Updated ruby packages fix security vulnerability

Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...

CVSS 9.8 | AI score 1.4 | EPSS 0.25071
Exploits 6 | References 9
OSV
added 2021/12/14 9:36 p.m. | 63 views

GHSA-5CQM-CRXM-6QPV Buffer overrun in CGI.escape_html

A buffer overrun vulnerability was discovered in CGI.escape_html. This can lead to a buffer overflow when a user passes a very large string (700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows...

CVSS 9.8 | AI score 9.5 | EPSS 0.00483
Exploits 1 | References 17
GitHub Security Blog
added 2021/12/14 9:36 p.m. | 45 views

Buffer overrun in CGI.escape_html

A buffer overrun vulnerability was discovered in CGI.escape_html. This can lead to a buffer overflow when a user passes a very large string (700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows...

CVSS 9.8 | AI score 2.7 | EPSS 0.00483
Exploits 1 | References 17 | Affected Software 1
UbuntuCve
added 2021/12/02 12:00 a.m. | 24 views

CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

CVSS 9.8 | AI score 7 | EPSS 0.00483
Exploits 1 | References 4
CNVD
added 2021/11/29 12:00 a.m. | 19 views

Ruby Buffer Overflow Vulnerability (CNVD-2022-18048)

Ruby is a cross-platform, object-oriented, dynamically typed programming language created by Yukihiro Matsumoto. A buffer overflow vulnerability exists in versions prior to Ruby 3.0.3; it stems from a buffer overflow in CGI.escape_html when very large data (a 700 MB string) is passed to it. ...

CVSS 9.8 | AI score 5 | EPSS 0.00483
Exploits 1 | References 1
RubySec
added 2021/11/24 12:00 a.m. | 21 views

Buffer Overrun in CGI.escape_html

A security vulnerability that causes a buffer overflow when you pass a very large string (700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows. Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use gem update cgi to update it. If you a...

CVSS 9.8 | AI score 7.2 | EPSS 0.00483
Exploits 1 | References 1 | Affected Software 1