Lucene search
+L

69 matches found

debiancve
debiancve
added 2026/06/30 11:40 p.m.6 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS5.7AI score0.00253EPSS
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-0563

Malware in sbrugna...

7.5CVSS6.6AI score0.06811EPSS
Exploits0References52
redhatcve
redhatcve
added 2025/03/14 7:19 a.m.6 views

CVE-2025-27788

A flaw was found in the JSON gem for Ruby. This vulnerability causes an out-of-bounds read via a specially crafted document, possibly resulting in a crash. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

7.5CVSS7.2AI score0.00665EPSS
Exploits0References6
nessus
nessus
added 2025/03/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2020-10663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability...

7.5CVSS7AI score0.06811EPSS
Exploits0References3
nessus
nessus
added 2023/09/27 12:0 a.m.67 views

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-007)

The version of ruby installed on the remote host is prior to 2.6.6-125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-007 advisory. jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not...

8.1CVSS7.7AI score0.29726EPSS
Exploits8References18
nessus
nessus
added 2023/09/07 12:0 a.m.40 views

Oracle Linux 8 : pcs (ELSA-2020-5724)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5724 advisory. 0.10.4-6.0.1.el82.1 - Replace HAM-logo.png with a generic one 0.10.4-6.el82.1 - Fixed running pcs status on remote nodes - Fixed ruby daemon closing connection...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References2
susecve
susecve
added 2023/02/15 5:42 a.m.5 views

SUSE CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS6.6AI score0.13911EPSS
Exploits0References13
redhat
redhat
added 2022/02/21 8:55 a.m.2 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
nessus
nessus
added 2022/02/09 12:0 a.m.41 views

Rocky Linux 8 : pcs (RLSA-2020:2462)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2462 advisory. - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References6
nessus
nessus
added 2022/02/09 12:0 a.m.63 views

Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2588 advisory. - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user...

8.1CVSS7.9AI score0.06811EPSS
Exploits2References21
nessus
nessus
added 2021/07/07 12:0 a.m.48 views

Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. ruby 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing...

8.1CVSS7AI score0.06811EPSS
Exploits2References10
nessus
nessus
added 2021/07/02 12:0 a.m.68 views

Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory. ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS:...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References9
nessus
nessus
added 2020/08/31 12:0 a.m.46 views

Amazon Linux AMI : ruby19, ruby21 (ALAS-2020-1426)

The version of ruby19 installed on the remote host is prior to 1.9.3.551-33.71. The version of ruby21 installed on the remote host is prior to 2.1.9-1.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1426 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ru...

7.5CVSS7.3AI score0.06811EPSS
Exploits0References3
amazon
amazon
added 2020/08/31 12:0 a.m.89 views

Medium: ruby19, ruby21

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5CVSS7.1AI score0.13911EPSS
Exploits0
amazon
amazon
added 2020/08/31 12:0 a.m.100 views

Important: ruby24

Issue Overview: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.1CVSS7.3AI score0.29726EPSS
Exploits7
amazon
amazon
added 2020/08/31 12:0 a.m.90 views

Medium: rubygem-json

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5CVSS7.1AI score0.13911EPSS
Exploits0
nessus
nessus
added 2020/08/31 12:0 a.m.45 views

Amazon Linux AMI : ruby24 (ALAS-2020-1422)

The version of ruby24 installed on the remote host is prior to 2.4.10-2.12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1422 advisory. Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using...

8.1CVSS7.5AI score0.29726EPSS
Exploits7References15
nessus
nessus
added 2020/08/31 12:0 a.m.47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References3
osv
osv
added 2020/07/27 6:8 p.m.57 views

GHSA-JPHG-QWRW-7W9G Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5CVSS6.8AI score0.06811EPSS
Exploits0References23
github
github
added 2020/07/27 6:8 p.m.86 views

Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5CVSS2.3AI score0.06811EPSS
Exploits0References23Affected Software1
Rows per page
Query Builder