Lucene search
+L

22 matches found

nessus
nessus
added 2026/05/16 12:0 a.m.15 views

Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1690)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1690 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB...

8.1CVSS6AI score0.01131EPSS
Exploits0References4
amazon
amazon
added 2026/05/15 12:0 a.m.11 views

Important: ruby3.4

Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...

8.1CVSS6.2AI score0.01131EPSS
Exploits0
amazon
amazon
added 2026/05/14 12:0 a.m.18 views

Important: ruby

Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...

8.1CVSS6.2AI score0.01131EPSS
Exploits0
nessus
nessus
added 2026/05/14 12:0 a.m.9 views

TencentOS Server 4: ruby (TSSA-2026:0297)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0297 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.1CVSS6.1AI score0.01131EPSS
Exploits0References2
nessus
nessus
added 2026/05/14 12:0 a.m.10 views

Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...

8.1CVSS6AI score0.01131EPSS
Exploits0References4
nessus
nessus
added 2026/05/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016801 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to...

8.1CVSS6AI score0.01131EPSS
Exploits0References4
github
github
added 2026/04/24 3:36 p.m.22 views

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

Summary Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods that also evaluate @src via eva...

8.1CVSS6.7AI score0.01131EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2026/04/24 4:20 a.m.11 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the defmodule, defmethod, or defclass methods due to insufficient deserialization guards. An attacker can achieve arbitrary code execution by supplying crafted input to Marshal.load in a Ruby application...

9.2CVSS6.3AI score0.01131EPSS
Exploits0References2
osv
osv
added 2026/04/24 3:16 a.m.5 views

DEBIAN-CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.1AI score0.01131EPSS
Exploits0References1
nvd
nvd
added 2026/04/24 3:16 a.m.5 views

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS0.01131EPSS
Exploits0References17
osv
osv
added 2026/04/24 2:35 a.m.2 views

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References19
cve
cve
added 2026/04/24 2:35 a.m.50 views

CVE-2026-41316

ERB has a deserialization guard for @_init in ERB#result and ERB#run, but public methods ERB#def_method, ERB#def_module, and ERB#def_class were not guarded. The vulnerability arises when Marshal.load is used on untrusted data with erb loaded, allowing code execution via the unguarded paths. Patch...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References17
vulnrichment
vulnrichment
added 2026/04/24 2:35 a.m.5 views

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6AI score0.01131EPSS
Exploits0References1
euvd
euvd
added 2026/04/24 2:35 a.m.6 views

EUVD-2026-25385

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6AI score0.01131EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/24 2:35 a.m.34 views

CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS0.01131EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/21 12:0 a.m.8 views

PT-2026-33982

Name of the Vulnerable Software and Affected Versions ERB versions prior to 6.0.1.1 ERB versions prior to 6.0.4 ERB versions prior to 4.0.3.1 ERB versions prior to 4.0.4.1 Ruby versions prior to 4.0.3 Description A deserialization guard bypass exists in ERB involving the init variable. This issue...

8.1CVSS5.8AI score0.01131EPSS
Exploits0References71
rubygems
rubygems
added 2026/04/13 12:0 a.m.15 views

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB implements an @init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERBdefmethod, ERBdefmodule, and ERBdefclass evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References1Affected Software1
hackerone
hackerone
added 2022/04/25 3:55 a.m.107 views

Internet Bug Bounty: CVE-2022-28738: Double free in Regexp compilation

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from...

7.5CVSS8.6AI score0.02744EPSS
Exploits0
snyk
snyk
added 2021/05/26 7:50 a.m.6 views

Arbitrary Code Execution

Overview ruby-jss is a provides native ruby access to the REST APIs of Jamf Pro, an enterprise/education tool for managing Apple devices, from jamf.com. Affected versions of this package are vulnerable to Arbitrary Code Execution. This is due to the usage of the plist library, which has documente...

9.8CVSS6.9AI score0.02603EPSS
Exploits0References2
attackerkb
attackerkb
added 2021/05/25 11:15 p.m.3 views

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

9.8CVSS7.3AI score0.02603EPSS
Exploits0References3
Rows per page
Query Builder