CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/16 12:0 a.m.•7 views

Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1690)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1690 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB...

Amazon•added 2026/05/15 12:0 a.m.•6 views

Exploits0References4

Important: ruby3.4

Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...

Amazon•added 2026/05/14 12:0 a.m.•5 views

Important: ruby

Tenable Nessus•added 2026/05/14 12:0 a.m.•5 views

Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...

Tenable Nessus•added 2026/05/14 12:0 a.m.•4 views

Exploits0References4

TencentOS Server 4: ruby (TSSA-2026:0297)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0297 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.1CVSS6.1AI score0.00048EPSS

Exploits0References2

Tenable Nessus•added 2026/05/09 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016801 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to...

Github Security Blog•added 2026/04/24 3:36 p.m.•11 views

Exploits0References4

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

Summary Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods that also evaluate @src via eva...

8.1CVSS6.7AI score0.00048EPSS

Exploits0References3Affected Software1

Snyk•added 2026/04/24 4:20 a.m.•7 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the defmodule, defmethod, or defclass methods due to insufficient deserialization guards. An attacker can achieve arbitrary code execution by supplying crafted input to Marshal.load in a Ruby application...

9.2CVSS6.3AI score0.00048EPSS

Exploits0References2

NVD•added 2026/04/24 3:16 a.m.•1 views

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS0.00048EPSS

OSV•added 2026/04/24 3:16 a.m.•2 views

DEBIAN-CVE-2026-41316

8.1CVSS6.1AI score0.00048EPSS

EUVD•added 2026/04/24 2:35 a.m.•1 views

EUVD-2026-25385

Debian CVE•added 2026/04/24 2:35 a.m.•2 views

CVE-2026-41316

8.1CVSS6.1AI score0.00048EPSS

Cvelist•added 2026/04/24 2:35 a.m.•24 views

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

8.1CVSS0.00048EPSS

ATTACKERKB•added 2026/04/24 2:35 a.m.•1 views

CVE-2026-41316

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/24 2:35 a.m.•3 views

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

CVE•added 2026/04/24 2:35 a.m.•15 views

CVE-2026-41316

ERB has a deserialization guard for @_init in ERB#result and ERB#run, but public methods ERB#def_method, ERB#def_module, and ERB#def_class were not guarded. The vulnerability arises when Marshal.load is used on untrusted data with erb loaded, allowing code execution via the unguarded paths. Patch...

CNNVD•added 2026/04/24 12:0 a.m.•4 views

ERB 安全漏洞

ERB is an open-source embedded Ruby template processing tool developed by The Ruby Programming Language. There is a security vulnerability in ERB, which stems from the lack of protection for @src in methods like ERBdefmethod, ERBdefmodule, and ERBdefmodule. This vulnerability could allow attacker...

Positive Technologies•added 2026/04/21 12:0 a.m.•4 views

Exploits0References2

PT-2026-33982

Name of the Vulnerable Software and Affected Versions ERB versions prior to 6.0.1.1 ERB versions prior to 6.0.4 ERB versions prior to 4.0.3.1 ERB versions prior to 4.0.4.1 Ruby versions prior to 4.0.3 Description A deserialization guard bypass exists in ERB involving the init variable. This issue...

8.1CVSS5.8AI score0.00048EPSS

Exploits0References48

RubySec•added 2026/04/13 12:0 a.m.•6 views

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB implements an @init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERBdefmethod, ERBdefmodule, and ERBdefclass evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...