39 matches found
Amazon Linux 2 : ruby (ALAS-2024-2486)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2486 advisory. A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-002)
The version of ruby installed on the remote host is prior to 2.6.9-129. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-002 advisory. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1292)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only)
GHSA-H452-7996-H45H cookiejar Regular Expression Denial of Service via Cookie.parse function
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if...
CVE-2022-25901
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1056)
The remote host is missing an update for the Huawei EulerOS...
RHEL 7 : rh-ruby27-ruby (RHSA-2022:6856)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6856 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2022-2588)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed...
EulerOS Virtualization 3.0.6.6 : ruby (EulerOS-SA-2022-2536)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV...
AlmaLinux 8 : ruby:2.7 (ALSA-2022:6447)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6447 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817); ruby: Cookie prefix spoofing in CGI::Cookie.parse...
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2022:3292-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3292-1 advisory. - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem...
Oracle Linux 8 : ruby:3.0 (ELSA-2022-6450)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6450 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 8 : ruby:2.7 (ELSA-2022-6447)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6447 advisory. - Fix regular Expression Denial of Service Vulnerability of Date Parsing Methods. Resolves: CVE-2021-41817 - Fix cookie prefix spoofing in...
AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817); ruby: Cookie prefix spoofing in CGI::Cookie.parse...
Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 Tenable has extracted the preceding description bloc...
CentOS 8 : ruby:2.5 (CESA-2022:5779)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:5779 advisory. - ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817) - ruby: Cookie prefix spoofing in CGI::Cookie.parse...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1761)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only)
EulerOS Virtualization 2.9.1 : ruby (EulerOS-SA-2022-1613)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1613)
The remote host is missing an update for the Huawei EulerOS...