MiracleLinux 8 : ruby:3.1 (AXSA:2024-7629:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7629:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...
Linux Distros Unpatched Vulnerability : CVE-2023-39663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MathJax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and...
ruby security update
3.0.7-165 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-86104 - Fix ReDoS in CGI::Util#escapeElement. CVE-2025-27220 Resolves: RHEL-86130 3.0.7-164 - Undefine GC compaction methods on ppc64le. Resolves: RHEL-83136 - Fix printing warnings when using IRB from a script...
ruby:3.1 security update
ruby 3.1.5-145 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary...
Moderate: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...
ruby:3.0 security update
ruby 3.0.7-143 - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 3.0.7-142 - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS vulnerability in Time...
[SECURITY] [DLA 3800-1] ruby-rack security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3800-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 29, 2024 https://wiki.debian.org/LTS -...
ALSA-2023:7025 Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...
ruby:2.7 security, bug fix, and enhancement update
ruby 2.7.8-139 - Upgrade to Ruby 2.7.8. Resolves: rhbz#2149262 - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in Time. Resolves: CVE-2023-28756 rubygem-abrt 0.4.0-1 - Update to abrt 0.4.0. Resolves...
Fedora 36 : ruby (2023-a7be7ea1aa)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a7be7ea1aa advisory. Upgrade to Ruby 3.1.4. Fix ReDoS vulnerability in URI CVE-2023-28755 Fix ReDoS vulnerability in Time CVE-2023-28756 Fix bundler improperly resolving...
Fedora 37 : ruby (2023-f58d72c700)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f58d72c700 advisory. Upgrade to Ruby 3.1.4. Fix ReDoS vulnerability in URI CVE-2023-28755 Fix ReDoS vulnerability in Time CVE-2023-28756 Fix bundler improperly resolving...
Slackware: Security Advisory (SSA:2023-090-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2023:0444-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache bsc#1207451. - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies bnc#1207455...
OPENSUSE-SU-2022:0657-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc#1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc#1191963. - CVE-2021-32804: Fixed...
How I found ReDoS vulnerabilities in the ModSecurity core rule set - vulnerability warning - the black bar safety net
This article describes how I found ReDoS vulnerabilities in a well-known WAF rule set. If you are not yet familiar with regular expressions and ReDoS vulnerabilities, you can read my previous article: https://nosec.org/home/detail/2506.html. Simply put, a ReDoS vulnerability...
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i (RPG and COBOL + Modernization Tools, Java and EGL editions), and Rational Developer for AIX and Linux. Two ReDoS vulnerabilities in modules included in the Node.js n...
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool
Summary Two ReDoS vulnerabilities in modules included in the Node.js npm tool shipped by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2016-2515 DESCRIPTION: Node.JS hawk is vulnerable to a denial of service, caused by an error in the regular expressi...
redos
This plugin finds ReDoS (regular expression DoS) vulnerabilities as explained here: http://en.wikipedia.org/wiki/ReDoS Plugin type Audit Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code...