Lucene search
K

10 matches found

OSV
OSV
added 2025/07/24 4:37 p.m.7 views

CLSA-2025-1753375058 ruby: Fix of CVE-2024-27281

CVE-2024-27281: fix object injection and remote code execution in .rdocoptions and documentation cache loading...

4.5CVSS7.8AI score0.01571EPSS
Exploits0References1
Amazon
Amazon
added 2024/09/18 12:0 a.m.22 views

Medium: ruby

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

4.5CVSS7.8AI score0.01571EPSS
Exploits0
OSV
OSV
added 2024/06/11 12:0 a.m.28 views

ALSA-2024:3838 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

9.8CVSS7.8AI score0.02637EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.31 views

AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3670 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...

9.8CVSS7AI score0.02364EPSS
Exploits0References4
OSV
OSV
added 2024/05/14 3:11 p.m.2 views

DEBIAN-CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.3AI score0.01571EPSS
Exploits0References1
Mageia
Mageia
added 2024/05/09 2:40 a.m.64 views

Updated ruby packages fix security vulnerabilities

Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...

9.8CVSS6.8AI score0.02364EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/04 12:0 a.m.30 views

Debian dsa-5677 : libruby3.1 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5677 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5677-1 [email protected] https://www.debian.org/securit...

9.8CVSS7.4AI score0.02364EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/05/03 12:0 a.m.23 views

Fedora 39 : ruby (2024-31cac8b8ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-31cac8b8ec advisory. Upgrade to Ruby 3.2.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.8CVSS7.6AI score0.02637EPSS
Exploits0References6
OSV
OSV
added 2024/03/25 7:36 p.m.25 views

GHSA-592J-995H-P23J RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.2AI score0.01571EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2024/03/25 7:36 p.m.57 views

RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.1AI score0.01571EPSS
Exploits0References16Affected Software1
Rows per page
Query Builder