
15 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881) - ruby: NUL injection vulnerability o...

CVSS 8.1 | AI score 6.7 | EPSS 0.05892
Exploits 2 | References 10
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : ruby:2.5 (AXSA:2021-2345:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2345:01 advisory. - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) - ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI score 8.2 | EPSS 0.05892
Exploits 2 | References 9
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) - ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI score 8.2 | EPSS 0.05892
Exploits 2 | References 9
OSV
added 2022/09/30 4:29 a.m., 0 views

GHSA-CXGF-V2P8-7PH7 NuProcess vulnerable to command-line injection through insertion of NUL character(s)

Impact: In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in...

CVSS 8.4 | AI score 5.9 | EPSS 0.00733
Exploits 1 | References 5
Tenable Nessus
added 2022/09/15 12:0 a.m., 243 views

RHEL 7 : rh-ruby26-ruby (RHSA-2021:2230)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2230 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.1 | AI score 6.9 | EPSS 0.05892
Exploits 2 | References 23
Tenable Nessus
added 2022/02/22 12:0 a.m., 35 views

RHEL 8 : ruby:2.6 (RHSA-2022:0581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0581 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.3 | AI score 6.8 | EPSS 0.25071
Exploits 7 | References 31
OSV
added 2021/06/29 1:58 p.m., 18 views

ALSA-2021:2587 Moderate: ruby:2.5 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626) Security Fixes: - ruby: NUL injection vulnerability of...

CVSS 8.1 | AI score 8.2 | EPSS 0.05892
Exploits 2 | References 9
Rockylinux
added 2021/06/29 1:58 p.m., 54 views

ruby:2.5 security, bug fix, and enhancement update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.1 | AI score 8.1 | EPSS 0.05892
Exploits 2
Tenable Nessus
added 2021/06/29 12:0 a.m., 50 views

CentOS 8 : ruby:2.6 (CESA-2021:2588)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2588 advisory. - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) - ruby: Regular expression denial of service vulnerability of...

CVSS 8.1 | AI score 6.9 | EPSS 0.05892
Exploits 2 | References 10
Tenable Nessus
added 2021/06/29 12:0 a.m., 45 views

RHEL 8 : ruby:2.5 (RHSA-2021:2587)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2587 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.1 | AI score 6.8 | EPSS 0.05892
Exploits 2 | References 21
Tenable Nessus
added 2021/06/29 12:0 a.m., 63 views

RHEL 8 : ruby:2.6 (RHSA-2021:2588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2588 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.1 | AI score 6.9 | EPSS 0.05892
Exploits 2 | References 23
Tenable Nessus
added 2019/10/03 12:0 a.m., 107 views

FreeBSD : ruby -- multiple vulnerabilities (f7fcb75c-e537-11e9-863e-b9b7af01ba9e)

Ruby news : This release includes security fixes. Please check the topics below for details. CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch? A NUL injection vulnerability of Ruby built-in methods File.fnmatch and File.fnmatch? was found. An attacker who has the...

CVSS 8.1 | AI score 6.8 | EPSS 0.01157
Exploits 1 | References 13
ArchLinux
added 2019/10/02 12:0 a.m., 81 views

[ASA-201910-2] ruby: multiple issues

Arch Linux Security Advisory ASA-201910-2
Severity: Medium
Date: 2019-10-02
CVE-ID: CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255
Package: ruby
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-1039
Summary...

CVSS 8.1 | AI score 0.2 | EPSS 0.01157
Exploits 1 | References 11
RubySec
added 2019/10/01 12:0 a.m., 46 views

A NUL injection vulnerability of File.fnmatch and File.fnmatch?

Built-in methods File.fnmatch and its alias File.fnmatch? accept the path pattern as their first parameter. When the pattern contains NUL character \0, the methods recognize that the path pattern ends immediately before the NUL byte. Therefore, a script that uses an external input as the pattern...

CVSS 6.5 | AI score 3.3 | EPSS 0.00321
Exploits 0 | References 1 | Affected Software 1
seebug.org
added 2012/10/23 12:0 a.m., 37 views

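Ruby local file creation vulnerability (CVE-2012-4522)

Bugtraq ID: 56115 CVE ID: CVE-2012-4522 Ruby on Rails is a web application framework built on top of the Ruby language. Ruby's file creation functions contain a security vulnerability that allows an attacker to create malicious files by injecting illegal NULs into the file path. 0 Yukihiro Matsumoto Ruby 1.9.3 dev Yukihiro Matsumoto Ruby 1.9.2 RC2 Yukihiro Matsumoto Ruby 1.9.2 P180 Yukihiro Matsumoto Ruby 1.9.2 P136 Yukihiro Matsumoto Ruby 1.9.2 P0...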

CVSS 5 | AI score 0.1 | EPSS 0.00219
Exploits 1