119 matches found
AlmaLinux 10 : ruby (ALSA-2026:18065)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18065 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the AlmaLinux...
RockyLinux 9 : ruby (RLSA-2026:18039)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18039 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...
AlmaLinux 9 : ruby (ALSA-2026:18039)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18039 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the AlmaLinux...
RLSA-2026:18030 Important: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
Important: Red Hat Security Advisory: ruby:3.3 security update
An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
erb: ERB: Arbitrary code execution via deserialization bypass
A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...
ruby security update
3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244...
Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
Oracle Linux 10 : ruby (ELSA-2026-18065)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18065 advisory. 3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244 Tenable has extracted the preceding descripti...
RHEL 9 : ruby (RHSA-2026:18039)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18039 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
RHEL 10 : ruby (RHSA-2026:18065)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18065 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management...
RHEL 9 : ruby:3.3 (RHSA-2026:18030)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18030 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
RockyLinux 9 : ruby:3.3 (RLSA-2026:18030)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18030 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...
Important: ruby3.4
Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...
Important: ruby
Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...
Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...
TencentOS Server 4: ruby (TSSA-2026:0297)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0297 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
OESA-2026-2263 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016801)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016801 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to...