ROS-20250826-03

Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...

ROS-20250825-02

A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, disclose protected information or cause a denial of service A vulnerability in the...

Ruby SAML 安全漏洞

Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A security vulnerability exists in Ruby SAML version 1.18.0 and earlier, which stems from validating the Base64 format of a SAML response before checking the message size, and could lead to resource...

RLSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

RLSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler:...

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

ROS-20250619-01

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...

ROS-20250619-02

A vulnerability in the Net::IMAP module of the Ruby programming language is related to uncontrolled memory allocation. memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

ROS-20250616-03

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to insufficient insufficient validation of data provided by an attacker in Rack::CommonLogger. Exploitation of the vulnerability could Allow an attacker acting remotely to manipulate data log entr...

[SECURITY] Fedora 41 Update: ruby-3.3.8-19.fc41

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

ROS-20250403-16

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to an incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

USN-7256-1 ruby2.7 vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service...

ROS-20250109-08

The ungetbyte and ungetc methods of StringIO string handler for Ruby programming language are vulnerable to with an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of protected information...

RLSA-2024:10834 Important: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

Important: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...

ROS-20240918-01

A vulnerability in the CGI::Cookie.parse function of the Ruby programming language is related to incorrect processing of security prefixes in cookie names. security prefixes in cookie names. Exploitation of the vulnerability allows an attacker, acting remotely, to affect data integrity...

ROS-20240826-12

Vulnerability of Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect implementation of processing invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service Vulnerability in the URI component of th...

ROS-20240826-09

The vulnerability in the Time library of the Ruby interpreter is related to the use of regular expression c inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the URI component of the Ruby...

REXML: DoS parsing an XML with many `<`s in an attribute value

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this...