207 matches found
JRuby-OpenSSL has hostname verification disabled by default
JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1, and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates,...
Denial of Service (DoS)
Overview: org.jruby:jruby-stdlib is a JRuby Lib Setup package. Affected versions of this package are vulnerable to Denial of Service (DoS) through the response parser, which uses Range#to_a to convert the uid-set data into arrays of integers, without limitations on the expanded size of the ranges...
GHSA-735F-PC8J-V9W8 protobuf-java has potential Denial of Service issue
Summary: When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team. Affected versions: This issue affects all versions of both t...
GHSA-VMWR-MC7X-5VC3 vulnerabilities
Vulnerabilities for packages: ruby3.2-rexml, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.1-fluentd-kubernetes-daemonset, ruby, kube-fluentd-operator, jruby...
Fedora: Security Advisory for bsf (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: bsf-2.4.0-54.fc40
Bean Scripting Framework (BSF) is a set of Java classes which provides scripting language support within Java applications, and access to Java objects and methods from scripting languages. BSF allows one to write JSPs in languages other than Java while providing access to the Java class library. In...
Improper Certificate Validation
jruby-openssl is vulnerable to Improper Certificate Validation. The vulnerability is due to incorrect hashing of certificate names in X509Name.java and insufficient checking of certificate path lengths in StoreContext.java. This allows an attacker to trick the client application into believing th...
CVE-2009-4123
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...
Input validation
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...
JRuby-OpenSSL Security Vulnerability
JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. A security vulnerability exists in JRuby-OpenSSL versions prior to 0.6, which stems from incorrectly handling SSL certificate validation...
CVE-2009-4123
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...
CVE-2009-4123
CVE-2009-4123 affects the jruby-openssl gem for JRuby, with versions prior to 0.6 mishandling SSL certificate validation. The issue enables attackers to masquerade as a legitimate SSL server by abusing certificate validation logic, per Red Hat and Veracode entries, which detail faulty handling suc...
GHSA-HWW2-5G85-429M vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
GHSA-HWW2-5G85-429M vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, jruby, ruby...
CVE-2023-36617 vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
Debian: Security Advisory (DLA-3408-1)
The remote host is missing an update for the Debian...
Debian dla-3408 : jruby - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3408 advisory. Debian LTS Advisory DLA-3408-1 [email protected]...
[SECURITY] [DLA 3408-1] jruby security update
Debian LTS Advisory DLA-3408-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...
DLA-3408-1 jruby - security update
Bulletin has no description...
Debian: Security Advisory (DLA-209-1)
The remote host is missing an update for the Debian...